CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous FTP users) can exploit the bug to gain root privileges on the server. This has been corrected in version 2.6.0-6 of the wu-ftpd package.
This has been corrected in version 2.6.0-6 of the wu-ftpd package.
MD5 checksums of the listed files are available in the original advisory.