BUGTRAQ is alive with exploits and vendor announcements about
these vulnerabilities.
Alex Yu (for wu-ftpd) wrote in a
recent message that wu-ftpd-2.4.2-beta-18-vr4 through
wu-ftpd-2.4.2-beta-18-vr15, wu-ftpd-2.4.2-vr16 and
wu-ftpd-2.4.2-vr17, and wu-ftpd-2.5.0 are known to be
vulnerable.
BeroFTPD, all present versions.
Additionally, an exploit
has been posted for ProFTPD.
Vendor packages should be released soon. In the meantime, you
may consider disabling your ftp daemon for now, by commenting out
the line in /etc/inetd.conf, and restarting inetd with ‘killall
-HUP inetd’.