GEN:SID 1:349
Message FTP EXPLOIT MKD overflow
Summary This event is generated when an attack attempt is made against an ftp
server possibly running a vulnerable ftpd
Impact Possible execution of commands on the affected server as with elevated user privileges
Detailed Information The Washington University ftp daemon (wu-ftpd) has a problem with very
log directory names. There is insufficent checking on directories
created by users allowing possible insertion of data into the stack.This
can lead to execution of code with root / elevated user privileges.
Affected Systems NcFTP Software NcFTPD 2.3.5
Washington University wu-ftpd 2.4.2 (beta 18) VR10
RedHat wu-ftpd 2.4.2 b18-2
Washington University wu-ftpd 2.4.2 academ[BETA-18]
Probably others as well, susspect anything under Washington University wu-ftpd 2.6.0 for this particular exploit.
Attack Scenarios A local attacker will attempt to create long named directories on the
ftp server wich are not checked correctly in the server code. This can
allow commands to be executed with elevated user privileges
Ease of Attack simple
Corrective Action Upgrade to newest version of wuftpd, or replace with something more secure.
Additional References  
Rule References bugtraq: 113
bugtraq: 2242
cve: 1999-0368