The glibc developer Ulrich Drepper claims that this security problem is fixed in later versions of glibc. See <URL:http://sources.redhat.com/ml/libc-alpha/2003-04/msg00124.html>. I'm not sure in which version this was fixed.