Directory traversal vulnerability in the FTP server in Rhino Software Serv-U File Server 7.4.0.1 allows remote attackers to create arbitrary directories via a \.. (backslash dot dot) in an MKD request.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1031)