NetAware Buffer Overflow Vulnerability Leading to Denial-of-Service

Vulnerability

A buffer overflow vulnerability has been identified in the Share Name field of NetAware version 1.20. A local attacker can crash the application by entering an excessively long string: pasting a 1000-byte buffer into the Share Name parameter while adding a new share through the Manage Shares interface triggers a denial-of-service condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to crash.

Reproduction

To reproduce this vulnerability:

1. Run the Python script 'NetAware_share.py', which will generate a file named 'NetAware.txt' containing a 1000-byte buffer.
2. Copy the contents of this file to the clipboard.
3. Open NetAware, navigate to 'Manage Shares' and select 'Add a New Share'.
4. Paste the clipboard contents into the 'Share Name' field, enter a value in the 'Share Path' field (such as 'test'), and select 'Maximum allowed' for the 'User Limit'.
5. Click 'Ok' to add the share, which will result in the application crashing.
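The mitigation for this class of bug is to check the Share Name length before it is copied into a fixed-size buffer. The following C code is an added example, not NetAware's code and not part of the original advisory; the 80-character limit and the names `share_entry` and `share_set_name` are assumptions made for illustration, since the page does not describe the application's internals.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed limit for this example; the page does not state the real buffer size. */
#define SHARE_NAME_MAX 80

enum share_status { SHARE_OK = 0, SHARE_ERR_NULL, SHARE_ERR_EMPTY, SHARE_ERR_TOO_LONG };

/* Hypothetical record, not NetAware's actual data structure. */
struct share_entry {
    char name[SHARE_NAME_MAX + 1];
};

/* Length of s, scanning at most limit bytes so oversized input is never walked in full. */
static size_t bounded_len(const char *s, size_t limit)
{
    size_t n = 0;
    while (n < limit && s[n] != '\0')
        n++;
    return n;
}

/* Validate first, copy second: on any error the destination is left untouched. */
enum share_status share_set_name(struct share_entry *entry, const char *input)
{
    size_t len;

    if (entry == NULL || input == NULL)
        return SHARE_ERR_NULL;
    len = bounded_len(input, SHARE_NAME_MAX + 1);
    if (len == 0)
        return SHARE_ERR_EMPTY;
    if (len > SHARE_NAME_MAX)
        return SHARE_ERR_TOO_LONG;   /* reject instead of truncating silently */
    memcpy(entry->name, input, len);
    entry->name[len] = '\0';
    return SHARE_OK;
}

int main(void)
{
    struct share_entry e = { "existing" };
    char pasted[1001];               /* constructed input: 1000 bytes, the size named in the advisory */
    memset(pasted, 'A', 1000);
    pasted[1000] = '\0';
    printf("1000-byte name -> status %d\n", share_set_name(&e, pasted));
    printf("\"test\" -> status %d, stored \"%s\"\n", share_set_name(&e, "test"), e.name);
    return 0;
}
```

Rejecting the over-length name and surfacing an error in the dialog keeps the stored share list consistent, whereas silent truncation could create a share under a name the user did not intend.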

Added: Mar 21, 2026, 1:29 PM
Updated: Mar 21, 2026, 1:29 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 4.6
remediation: 0.0
relevance: 4.2
threat: 6.4
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.