A local exploit has no "remote exploitation risk" by its very definition. Your statement just shows that you have no clue what you are talking about.
Except if combined with a remote vulnerability, perhaps in the web app running locally on the server, or your web browser running on your laptop.
“Its exploitation requires two non-default options: a ProxyCommand, and either ForwardAgent (-A) or ForwardX11 (-X),” Qualys said. “This buffer overflow is therefore unlikely to have any real-world impact.”
99.9% of all *nix servers on the planet with SSH on them do not use either option. Good that they patched it, but otherwise, I don't think I'm going to be in a massive hurry to do a crash-patching this weekend.
It's a client-side bug, and both agent and X11 forwarding are fairly common there.
The perversity of nature is nowhere better demonstrated by the fact that, when exposed to the same atmosphere, bread becomes hard while crackers become soft.