A remote overflow exists in bftpd. The USER command fails to validate user-supplied input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
Upgrade to version 1.0.12 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.