Exploit:

  Here's an ncftp 2.4.2 remote exploit.
  This time, I'm sure it hasn't been
  reported before and it isn't patched.

  Ok, how to exploit this vunerability?
  By the first, you should create evil
  directory somewhere, deeply into ftp
  server directory tree:

 kernel:~$ mkdir "\`echo -e \"echo + + >~\57.rhosts\">x;. x;rm -f x\`"

  From now, every attempt of downloading
  directory structure with recursive get
  (eg. "get -R coolest_game_ever", that's
  one of the most popular ncftp features),
  will cause remote execution of
  "echo + +>~/.rhosts". Simple and pretty nice.

   Michal Zalewski [camtuf@boss.staszic.waw.pl]