Any SUID binary which allows library loading would work for this purpose. Normally that's not a security problem, but a combination of other factors has allowed it to become one.
"Normally that's not a security problem" ? PulseAudio allowing arbitrary code loaded into a suid root app via command line parameters is a gaping security hole by itself.
This exploit used a trivial root exploit to setup a deeper kernel level exploit, that can bypass SELinux, hide itself completely, etc.
