Sasser itself is vulnerable to a buffer overflow

A buffer overflow has been discovered in the FTP server used by the Sasser worm. An infected computer sets up an FTP server on an obscure port so that the machines it attacks will connect back on that port. The FTP server listening on that port is what is vulnerable to the buffer overflow.
The F-Secure weblog points out that this is a bit of overkill, since a machine infected with Sasser is likely still vulnerable to the LSASS exploit anyway. So it's not clear whether this is just a point of amusement or whether there really is a large segment of machines that got patched but were already infected.
This may be part of the ongoing sniping between the Netsky writer or writers and Mydoom.