If possible, make /tmp its own file system and mount it with 'noexec'. This really helps stop these types of attacks. In fact I would recommend 'rw,noexec,nosuid,nodev' as the mount options. Of course if you need to have executables in /tmp then this won't work. :)
M -- Michael F. Sprague | mfs@saneinc.net http://www.saneinc.net | Provider of SpamOnion anti-spam service System and Network Engineering (SaNE), Inc