Buffer overflow in the parsecmd function in bftpd before 1.8 has unknown impact and attack vectors related to the confstr variable.
http://www.vupen.com/english/advisories/2007/1347
http://sourceforge.net/project/shownotes.php?release_id=500238&group_id=32077