You can (naturally) not avoid the attack and thereby the process from crashing - but you can avoid the effects of it. E.g. if you restrict the suid-root process from spawning new processes, it would not be able to spawn a root shell; programs like passwd and cdrecord would be good candidates for this restriction. Also simple buffer overflows in suid-root programs may be avoided.
How?
Sure... but not all programs really need access to this. My calendar on my PDA for one does not. It (restricting /var) was, as I hope you guessed?, an example! The simple way would be to set the restriction "no fork", and thus if an attacker tries to fork a (root) shell, this would be denied.
A simple exec(2) will do. Or overwriting a file. Or... If you restrict all
potentially dangerous operations, you have nothing useful left.
Another way could be to heavily restrict access to the filesystem. If the program is restricted from /var, the root shell spawned by the attack would not have access either. (restrictions are inherited from parent to children).
Just delete /var. Oops, it is there for a purpose...
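The exec(2) objection above, as an added example that is not part of the thread: a Linux seccomp-BPF filter stands in for the hypothetical "no fork" restriction, and the function name `exec_survives_no_fork` and the `/bin/sh` path are assumptions. It shows that a policy denying only process creation still lets the restricted process replace its own image, so exec has to be part of the policy too.

```c
/* Added example: seccomp-BPF stands in for the thread's hypothetical "no fork". */
#include <errno.h>
#include <stddef.h>
#include <unistd.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Two BPF instructions: if the syscall number matches, fail it with EPERM. */
#define DENY(nr) \
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, (nr), 0, 1), \
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM)

/* Refuse process creation, allow everything else. The filter is inherited
   across exec. A production filter would also check seccomp_data.arch. */
static int deny_fork(void)
{
    struct sock_filter insns[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        DENY(__NR_clone),
#ifdef __NR_fork
        DENY(__NR_fork),
#endif
#ifdef __NR_vfork
        DENY(__NR_vfork),
#endif
#ifdef __NR_clone3
        DENY(__NR_clone3),
#endif
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { sizeof insns / sizeof insns[0], insns };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
/* Returns 7 when fork was refused but exec still ran; 1-3 name the failed step. */
int exec_survives_no_fork(void)
{
    int status;
    pid_t pid = fork();              /* sacrificial child, before the filter */
    if (pid < 0) return -1;
    if (pid == 0) {
        if (deny_fork() != 0) _exit(3);
        if (fork() != -1) _exit(1);  /* the restriction did not hold */
        execl("/bin/sh", "sh", "-c", "exit 7", (char *)NULL);
        _exit(2);                    /* exec was refused */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```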