This is well worth fixing. A lot of software calls system() or doesn't vet the environment variables passed to execve(). Some of those programs will be network connected (perhaps CGI programs). As a result this bug is remotely exploitable via particular network-facing applications.
-glen _______________________________________________ Link mailing list [email protected] http://mailman.anu.edu.au/mailman/listinfo/link
