Symlink Attack in Login Leading to Arbitrary File Ownership - Full Disclosure

Over the weekend Paul Szabo wrote on Full Disclosure http://archives.neohapsis.com/archives/fulldisclosure/2008-11/, an entry about group-utmp-to-root escalation vulnerability in /bin/login with a link to the bug he reported to Debian bug tracker #505271, http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=505271. The Bug goes on to demonstrate that writing a suitable utmp entry would trick the login(1) process into changing the ownership of any file on the system. In the Bug Track he asked that this issue be sent to other Linux distributions so the fix could be added to their distributions.
Paul Szabo had been attempting to get this issue addressed since the beginning of the month before publishing this issue.