WU-FTPD contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the 'privatepw' program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
Currently, there are no known workarounds or upgrades to correct this issue. However, the WU-FTPD Development Group has released a patch to address this vulnerability.
It is possible, but not confirmed, that version 2.6.2 corrects this issue.