Well, there's a workaround that will work everytime: I call it the "pull-the-plug universal workaround"! :-)
>Then there's the issue of whether disclosing the security bug will help system administrators implement work-arounds to protect their systems. It almost needs to be on a case-by-case basis.
Sylvain Demers