BisonFTP has a flaw that allows a remote attacker to access arbitrary files and directories outside of the FTP base path. The issue is due the server not properly checking permissions of .bdl files that are linked to arbitrary paths. By uploading a specially crafted .bdl file, an attacker can traverse out of the FTP base path to any directory.
Upgrade to version V4R2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.