Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.