A remote buffer overflow exists in BFTPD. The daemon fails to filter input to the SITE CHOWN command, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service and potentially execute arbitrary code. This may result in a loss of availability and/or integrity.
Upgrade to version 1.0.24 or later, as it has been reported to fix this vulnerability. It is also possible to mitigate the flaw by implementing the following workaround: set ENABLE_SITE=no in /etc/bftpd.conf.
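One way to verify that the workaround is actually in effect on a host, as an added example that is not part of the original advisory or of BFTPD. The function name check_enable_site is hypothetical. It assumes that options are written one per line as NAME=value or NAME="value", that '#' starts a comment, and that the setting may appear more than once in the file; a file with no ENABLE_SITE line at all is reported as not mitigated.

```shell
#!/bin/sh
# Audit a bftpd configuration file for the ENABLE_SITE=no workaround.
# Assumptions (not taken from the advisory): one NAME=value or NAME="value"
# option per line, '#' starts a comment, and the option can occur several
# times in the file, so every occurrence is checked.

# check_enable_site FILE
# Prints one finding per line. Returns 0 if every ENABLE_SITE assignment
# is "no", 1 if any assignment enables SITE or none is present,
# 2 if the file cannot be read.
check_enable_site() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf"; return 2; }
    awk '
        { line = $0; sub(/#.*/, "", line) }        # ignore commented-out text
        toupper(line) ~ /^[ \t]*ENABLE_SITE[ \t]*=/ {
            val = line
            sub(/^[^=]*=[ \t]*/, "", val)          # keep what follows "="
            gsub(/[" \t\r]/, "", val)              # strip quotes and spaces
            seen++
            if (tolower(val) != "no") {
                printf "line %d: ENABLE_SITE=%s (SITE commands enabled)\n", NR, val
                bad++
            }
        }
        END {
            if (!seen) {
                print "ENABLE_SITE not set; daemon default applies"
                exit 1
            }
            exit (bad ? 1 : 0)
        }
    ' "$conf"
}

# Stand-alone use: pass the configuration path, e.g. /etc/bftpd.conf
if [ "$#" -gt 0 ]; then
    check_enable_site "$1"
fi
```

A non-zero result means the host still depends on the upgrade to 1.0.24 or later for protection.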