Debian Security Advisory DSA 087-1 (wu-ftpd)

The remote host is missing an update to wu-ftpd announced via advisory DSA 087-1.
CORE ST reports that an exploit has been found for a bug in the wu-ftpd glob code (this is the code that handles filename wildcard expansion). Any logged in user (including anonymous ftp users) can exploit the bug to gain root privilege on the server. This has been corrected in version 2.6.0-6 of the wu-ftpd package.