Bugtraq just reported the following: http://online.securityfocus.com/archive/1/302603/2002-12-06/2002-12-12/0 all three of these are present in the 2.1.7 code in RHL 8.0....
This is CAN-2002-1347 and an erratum is in progress