InstantServers MiniPortal is a web server package for Windows based machines, based on the Apache project web server. It includes a web based administrative interface, and a bundled FTP server.
A vulnerability has been reported in the MiniPortal FTP server. It is possible to overflow a buffer when logging into the FTP server. This allows an arbitrary remote user able to connect to the FTP server to execute arbitrary code. The FTP server is installed by default.
Currently the SecurityFocus staff are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org <mailto:email@example.com>.
MiniPortal version 1.1.6 is not affected by this issue: