This exploit takes advantage of a stack based overflow. Once the stack corruption has occurred it is possible to overwrite a pointer which is later used for a memcpy. This gives us a write anything anywhere condition similar to a format string vulnerability.
Running DISA SRR scripts against your server can get you easily rooted. They run arbitrary binaries discovered on the filesystem as root. They apparently need another Security Readiness Review script to first audit their own Security Readiness Review scripts.