source: http://www.securityfocus.com/bid/859/info

If the Serv-U FTP server receives an overly long argument to the SITE PASS command, it will crash. To issue this command, an attacker must be already logged in as an authenticated user, including an 'anonymous' user.

https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/19664.zip