Looking at the details
The wu-ftpd FTP server is derived from the BSD ftpd and is maintained by the WU-FTPD Development Group, which has announced that the fix will ship in wu-ftpd release 2.6.2.
Globbing is a term used to describe the way some software expands filenames using the old DOS wildcards such as an asterisk (*) and a question mark (?).
That makes a nice shortcut for users who either don't know the exact filename or need to download a lot of similar files.
But matching all those wildcard filenames or expanding really complex glob requests can place a heavy load on a server and cause a denial of service event, according to the report "Secure Programming for Linux and Unix HOWTO" (www.linuxdoc.org/HOWTO/Secure-Programs-HOWTO/input.html).
CERT identifies the glob vulnerability in Vulnerability Note #886083, which describes it as an unusual combination of two code bugs rather than the usual buffer overflow flaw.
According to the CERT report, "WU-FTPD's implementation of the glob command does not properly return an error condition when interpreting the string '~{' and then frees memory that may contain user-supplied data."
This means that an attacker who triggers the relatively simple glob flaw could go on to run arbitrary code on the server.
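The two-part failure the CERT note describes (an error that is not reported, followed by a free of memory the routine never set up) can be reduced to the following added example. It is not wu-ftpd source and not part of the original article; all function names are hypothetical, and the unsafe free() is modelled rather than executed.

```c
#include <stdlib.h>
#include <string.h>
/* Hypothetical, simplified glob expander; names are illustrative only. */
enum { GLOB_OK = 0, GLOB_ERR = -1 };

/* Brace expansion is only well-formed when every '{' has a matching '}'. */
static int braces_balanced(const char *p) {
    int depth = 0;
    for (; *p; p++) {
        if (*p == '{') depth++;
        else if (*p == '}' && --depth < 0) return 0;
    }
    return depth == 0;
}

/* Build a NULL-terminated one-entry list holding a copy of pat. */
static char **make_list(const char *pat) {
    char **l = calloc(2, sizeof *l);
    if (l && (l[0] = malloc(strlen(pat) + 1))) strcpy(l[0], pat);
    return l;
}

/* Flawed: a malformed pattern returns early, still reports success and
 * never writes *out, so the caller keeps whatever pointer it had before. */
int expand_flawed(const char *pat, char ***out) {
    if (!braces_balanced(pat)) return GLOB_OK;      /* error swallowed */
    return (*out = make_list(pat)) ? GLOB_OK : GLOB_ERR;
}

/* Corrected: *out is defined on every path and the failure is reported. */
int expand_checked(const char *pat, char ***out) {
    *out = NULL;
    if (!braces_balanced(pat)) return GLOB_ERR;
    return (*out = make_list(pat)) ? GLOB_OK : GLOB_ERR;
}

/* Caller frees the list only on success. Returns 1 if it would have handed
 * free() a pointer the expander never allocated (the free is skipped here). */
int caller_frees_stale(int (*expand)(const char *, char ***), const char *pat) {
    static char *stale[1];        /* constructed stand-in for leftover memory */
    char **list = stale;
    if (expand(pat, &list) != GLOB_OK) return 0;
    if (list == stale) return 1;  /* real code would call free() here */
    if (list) { free(list[0]); free(list); }
    return 0;
}

int main(void) { return caller_frees_stale(expand_checked, "~{"); }
```

The corrected variant closes both halves of the bug: the output pointer has a defined value on every path, and the caller gets an error it can act on before any cleanup runs.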
End sum
If you use wu-ftpd for running FTP services on your network, you should download and apply the appropriate patch for your OS as soon as possible. Due to the inherent danger of this vulnerability, this is not an update to put off for a more convenient time.

That is what I like about open source, that things get fixed as soon as a flaw is identified.
Microsoft would just keep quiet about it and leave their customers knowingly open to attack.