So either they are bluffing or the eploit does exist. I prefer not to assume the former. And I don't exactly consider these folks a trusted third party.
you're right - this also confused me. I guess they are bluffing... So I tried it against different systems and it did'nt work.
The comments imply that there is a different exploit for each OS (different "peculiarity" in each one makes it possible) and they only released the one for OpenBSD. Even Apache seems to have believed that it was not exploitable on 32 bit *nix. They are recommending upgrading to 1.3.26, which they say corrects the "core" problem. Hopefully they are right. Since the Linux exploit has not been published it's hard to know whether this fixes the problem... but if it is sufficient against the published OpenBSD exploit then I guess we have to go with that. However, I'm patching SuSE 7.0, 7.1, and 7.2. I guess I'm not going to get exactly 1.3.26 from SuSE for these. So I'd really like some sort of statement from SuSE indicating whether or not the potential remote root issue on my system will be addressed by their patch.