GuildFTPd 0.999 allows remote malicious users to cause a denial of service (crash) via a GET request for MS-DOS device names such as lpt1.
steve poulsen guildftpd 0.999