Invalid chroot() and seteuid() usage under some circumstances allow FTP root directory bypass.
vulners.com/securityvulns/securityvulns:doc:14994