There exists a vulnerability with certain configurations of certain ftp daemons with which users with a valid ftp only acccount on a system may execute arbitrary commands (including binaries supplied by themselves). There also exists the possibilty that anonymous ftp users may execute arbitrar y commands (also including binaries supplied by themselves). While this vulnerability is entirely configuration dependent. The required configuration is rather common. Exploit information here.