For over a year now, attackers could have used ProFTPD to plant and execute arbitrary code on the FTP servers that grant write privileges. The developers believe that other attack vectors are also possible and are delivering an updated version.

The vulnerability was discovered by Evgeny Legerov, who has now released a public exploit module for the Metasploit framework in his commercial VulnDisco package. Legerov claims that the VulnDisco package has contained the exploit since the end of last year.

Astalavista