Security Update 2003-08-14 is now available APPLE-SA-2003-08-14 realpath.
It addresses CAN-2003-0466, a potential vulnerability in the fb_realpath() function, used by the FTPServer and Libc projects, which could allow a local or remote user to gain unauthorized root privileges to a system.
Now then, when you do a search, for CAN-2003-0466 on CERT.org, Apple DID NOT RESPOND to this on July 31, 2003. Other manufacturers CAME OUT WITH FIXES 10 days ago. Apple still buried their head in the sand.