Well, if I remember well, there was also a security advisory recently about proftp and how remote users could gain root privileges. I think so far the only one that hasn't had any has been the one from OpenBSD; it comes with SuSE. Try it out.
Proftpd 1.2.0pre9, 10 had root hacks, rc1 has a DoS (not so bad, but
annoying, blockable though with "denyfilter "%"" if I remember right), rc2
is ok. OpenBSD's ftpd had a root hack due to a format string attack:
===========
http://www.openbsd.org/errata.html
019: SECURITY FIX: July 5, 2000
Just like pretty much all the other unix ftp daemons on the planet, ftpd had
a remote root hole in it. Luckily, ftpd was not enabled by default. The
problem exists if anonymous ftp is enabled.
===========
Basically all ftp daemons had a root hack due to the format strings problem.
WuFTPD also has a TERRIBLE code base (like Bind for example), Proftpd is a
LOT cleaner, and has a way easier/more powerful config, for example:
within my anonymous directive: