A number of problems in ftpd may be used to get root access from an ftp session. Przemyslaw Frasunek has written a technical description (detailing tnftpd, but the principle is the same).
Version 0.6.3 fixes this problem.
The only workaround for this bug is to disable ftpd.
See also CAN-2004-0794 and Gentoo bug 61412.