The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does not log anonymous FTP access, which allows remote attackers to hide their activities, possibly when certain BSM audit files are not present under the FTP root.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11841
http://www.securityfocus.com/bid/7396
http://sunsolve.sun.com/search/document.do?assetkey=1-26-40521-1