ProFTPD 1.3.0a released
This release reportedly addresses CVE-2006-5815; see Bug #2858 for details.
For those who cannot upgrade, the following workaround is described.
========== Mitigation ==========

Some users may not be able to immediately patch their ProFTPD installations. Until they are able to install a patched version, the following steps can mitigate the impact of this flaw:

- Remove DisplayConnect, DisplayLogin, DisplayChdir, DisplayFirstChdir, DisplayFileTransfer, AccessDenyMsg, and WrapDenyMsg directives from your ProFTPD configuration.
- Avoid using variable substitutions/magic cookies/%-style escapes in /etc/shutmsg, when specifying a warning message with the ftpshut(8) command, or in RewriteRule directives.
- Add a DenyFilter directive to your configuration to limit FTP command arguments to only characters that you require. For example: 'DenyFilter [^A-Za-z0-9_.-]' limits FTP command arguments (such as filenames) to alphanumeric characters, the underscore, period, and dash.
Our company uses ProFTPD quite a lot, so... this is going to be rough > the people in charge ^^;).
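
As an added example (not part of the original post or of the ProFTPD project), the sketch below checks a configuration against the mitigation list quoted above and shows which command arguments the suggested DenyFilter pattern would refuse. The sample configuration and the function names are constructed for illustration, and directive names are matched case-insensitively as a conservative assumption.

```python
import re

# Directives the mitigation text says to remove until a patched version is installed.
REMOVE_DIRECTIVES = {
    "displayconnect", "displaylogin", "displaychdir", "displayfirstchdir",
    "displayfiletransfer", "accessdenymsg", "wrapdenymsg",
}

# Pattern taken from the mitigation text.
SUGGESTED_FILTER = r"[^A-Za-z0-9_.-]"

# Constructed sample configuration, not taken from a real server.
SAMPLE_CONF = """\
ServerName "example"
# DisplayLogin welcome.msg
DisplayConnect /etc/proftpd/banner.msg
<Directory /srv/ftp>
  DisplayChdir .message
</Directory>
RewriteRule ^(.*)$ /home/%u/$1
AccessDenyMsg "Access denied"
"""

def audit_config(text):
    """Return (findings, has_denyfilter) for a proftpd.conf passed as a string."""
    findings, has_denyfilter = [], False
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no directive
        parts = line.split(None, 1)
        name = parts[0].lower()
        args = parts[1] if len(parts) > 1 else ""
        if name in REMOVE_DIRECTIVES:
            findings.append((lineno, parts[0], "remove until patched"))
        elif name == "rewriterule" and "%" in args:
            findings.append((lineno, parts[0], "contains %-style escape"))
        elif name == "denyfilter":
            has_denyfilter = True
    return findings, has_denyfilter

def denied_by_filter(pattern, argument):
    """An argument is refused when the DenyFilter pattern matches any part of it."""
    return re.search(pattern, argument) is not None

if __name__ == "__main__":
    findings, has_filter = audit_config(SAMPLE_CONF)
    for lineno, name, reason in findings:
        print(f"line {lineno}: {name}: {reason}")
    print("DenyFilter present:", has_filter)
    for arg in ("report_2006.txt", "my file.txt", "pub/readme.txt"):
        print(repr(arg), "denied" if denied_by_filter(SUGGESTED_FILTER, arg) else "allowed")
```

Note that the suggested pattern also refuses arguments containing a space or a slash, so clients that send paths with directory components will be affected.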