Novastar CX40 NetFilter Utility Stack-Based Buffer Overflow Vulnerability

Vulnerability

A critical stack-based buffer overflow vulnerability has been identified in the Novastar CX40 NetFilter Utility, in versions through 2.44.0. The issue is in the network configuration utility located at '/usr/nova/bin/netconfig', which handles user input obtained through the 'getopt()' function without size restrictions. Because the length is never validated, parameters exceeding 256 characters are accepted, and a stack-based buffer overflow occurs when the data is subsequently processed and written to fixed-size stack variables. The vulnerability has been disclosed publicly and is potentially exploitable.

Impact

Exploitation of this vulnerability causes memory corruption through a stack-based buffer overflow, which can lead to arbitrary code execution or a denial-of-service condition.

Reproduction

To reproduce this vulnerability, pass a command-line argument longer than 256 characters to the 'netconfig' utility. The argument is processed by 'getopt()' and then written to the 'cmd', 'netmask', 'pipeout', and 'nettask' variables. This overflow can be exploited by crafting the input to overwrite the return address on the stack, potentially leading to arbitrary code execution.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 7.5
exploitability: 6.6
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.