Local proof of concept for non-setuid binary /bin/sfxload which overflows the $HOME environment variable. Tested on Red Hat 7.0 and 7.2. Other setuid programs may call this binary, leading to privilege escalation.
fba83a1d7358cb4bbde5773a64e9b9700c008093044e9eb8b18d983f0b18adb3