
It is hilarious that you claim this is not remotely exploitable in response to a post describing how a very simple and limited scan has already found thousands of vulnerable hosts in a short timeframe.

And I dare say there are lots of admins who do not know exactly what their servers are going to execute because they're using software written by other people. That's why we call them admins, not software developers.

By the way, system() can be used in quite a lot of languages, not just in plain C.

And there are definitely more attack vectors than CGI. CGI is just the most obvious one.



Well, let these _admins_ worry about this. This is of no concern for the moment for a regular Linux or OS X user.

Now, an admin _must_ know every service running on entrusted boxes facing the Internet. CGI scripts hopefully are not common these days. If you run them, do stop for other reasons.

So far every "attack vector" implies having shell access to the target machine in some form. No need to panic for the majority of people.


Can you clarify this? As a Mac OS X user who connects to public wifi often, I'm still in the dark about whether I should literally turn off my wifi for now.


Or, you know, running Rails with Passenger.



