Its in a protocol layer of RDS which is a data package protocol for operating databases eg Oracle. You have to be on the local machine with a local account to be able to use it. ie you the user have to want to get into your own machine. Any self respecting linux user would know if you want to zero the root passwd and have access all you have to do is boot via a liveOS and zero the root passwd in the passwd file. Its only really an issue if you have a work machine aka your a dealer on the stock exchange. Even if you do get the local admin rights you still have no access to the servers.

For this to be able to work the RDS services has to be up, in 99% of the linux machines it won't be turned on.

The second flaw was part of the GNU C. libarys. And I might add as well there is no way I would ever open that link of yours. Its a C script that will screw every type of OS if it has something nasty inside it.

Which again is the main issue with nastys, users clicking on things that they don't have a clue what they do. Call it security_update.doc.c. most folk won't spot the c. on the end click on it and trigger the script.