Debian Security Advisory DSA 087-1 (wu-ftpd)

Summary
The remote host is missing an update to wu-ftpd announced via advisory DSA 087-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20087-1
Insight
CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root privilege on the server. This has been corrected in version 2.6.0-6 of the wu-ftpd package.