Hi!
Haggis posted a working exploit for 1.4.2 on full-disclosure:
http://lists.netsys.com/pipermail/full-disclosure/2003-September/010489.html
I suggest an immediate release of a fix, and a security advisory.
Andreas
--
"The Board views the endemic use of PowerPoint briefing slides instead
of technical papers as an illustration of the problematic methods of
technical communication at NASA."
-- Official report on the Columbia shuttle disaster.