That was my question too... how did it get there? I mean, kernel modules don't just magically appear and install themselves... :-P
Using any of the endless parade of exploits that constantly emerge for linux, I would imagine. Why does it matter?
1) You get root just one time
2) Then you can install any kind of root kit or do any other kind of goddam random or fiendishly convoluted havoc you can think of
You know the kind of shabby security joke that Windows turned into? The same thing has happened to linux and BSD - and I say that as a HUGE booster of open source. It's been building relentlessly, but it became official this year with HeartBleed, ShellShock, and now this. And note that this latest is fundamentally different from any of the usual exploits. This one is NOT a bug in any IMPLEMENTATION of the protocol SSL 3.0. It is the discovery that the DESIGN of the protocol has been broken all along. You can't "fix" it by finding some coding boo-boo. It is vulnerable when working AS DESIGNED. If you update the protocol, then it's not SSL 3.0 any more and all kinds of people get cut off from secure access to various servers until everybody is moved over to TLS.
You have two choices:
1) Remove SSL 3.0 protocol capability from ALL clients everywhere, or all servers everywhere, or go after both of them tearing it out. This will break the internet until all servers and clients support AND USE TLS.
2) Live with passwords and other secure data getting pwned right and left.
If you think I've misinterpreted the problem, please tell me exactly where.