Description of problem: The vulnerability described in CAN-2003-0853 (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0853) and fixed in Redhat 9 (http://rhn.redhat.com/errata/RHSA-2003-309.html) and Redhat Enterprise (http://rhn.redhat.com/errata/RHSA-2003-310.html) does not seem to be applied to the version of coreutils found in Fedora Core 1. Version-Release number of selected component (if applicable): coreutils-5.0-24
Eek! Looks like you're right.
Note that wu-ftpd is not shipped in Fedora Core 1, and vsftpd uses an ls built-in.