Wu-ftpd is a widely used unix ftp server. It contains a format string vulnerability that may be exploitable under certain (perhaps 'extreme') circumstances.
When running in debug mode, Wu-ftpd logs user activity to syslog in an insecure manner. An attacker with control over the server's hostname resolving facility could exploit this vulnerability to get root access remotely on the victim host.
The following example demonstrates the vulnerability.
Note: /etc/hosts is used as the example name resolving mechanism. Could be DNS, NIS, etc.