Nsasoft Nsauditor Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A buffer overflow vulnerability has been identified in Nsasoft Nsauditor versions 3.0.28 and 3.2.1.0, specifically within the DNS Lookup tool. This vulnerability allows attackers to execute arbitrary code by overwriting memory. Exploitation involves crafting a malicious DNS query payload that triggers a three-byte overwrite, bypasses Address Space Layout Randomization (ASLR), and executes shellcode through a carefully constructed exploit.

Impact

Exploitation of this vulnerability leads to a buffer overflow, allowing for arbitrary code execution on the affected system.

Reproduction

To reproduce this vulnerability, first, prepare a DNS query payload that includes shellcode designed to be executed after the buffer overflow. The shellcode can be generated using tools like msfvenom, specifying the desired command to execute, such as launching the calculator application. Once the payload is ready, open Nsauditor and navigate to the 'DNS Lookup' tool. Paste the crafted payload into the 'DNS Query' field and click 'Resolve'. This action will trigger the buffer overflow by overwriting the memory and executing the embedded shellcode.