> Successful exploitation has been demonstrated on 32-bit Linux/glibc systems with ASLR. Under lab conditions, the attack requires on average 6-8 hours of continuous connections up to the maximum the server will accept.

It's pretty bad, but not trivial to exploit, especially since most machines are 64-bit with a larger space for ASLR.