Rapport of research

Introduction
A buffer overflow is a form of software vulnerability that arises when a program
during its execution writes more data to a buffer or temporary data storage area than
the buffer is designed to hold. This excessive data can overflow into adjacent
memory spaces and potentially overwriting or corrupting the valid data stored there.
This could cause erratic program behavior including memory access errors or
incorrect results a crash or a breach of system security.
Exploiting a buffer overflow vulnerability can allow malicious actors to execute
arbitrary code and that will cause a potentially gaining unauthorized access or
control over a system specifically with privileges root user .
This is partly because buffer overflows can occur in various ways and the techniques
used to prevent them are often error-prone.

Types of Buffer Overflow Exploits

Buffer overflow exploits can be categorized into several types based on their specific
techniques and targets:

1. Stack-based Buffer Overflow Exploits: These are the most common type of
buffer overflow exploits. They occur when a program writes more data to the
stack than it can handle and causing to an overflow of the stack space. By doing
so attackers can overwrite the return address of a function and point it to
malicious code thus achieving arbitrary code execution or remote code
execution (RCE).

2. Heap-based Buffer Overflow Exploits: These exploits target the heap a

dynamic and less predictable area of memory where data is stored (dynamic
memory). In a heap-based buffer overflow an attacker can corrupt the data in the
heap and manipulate the application.

3. Integer Overflow Exploits: A format string exploit occurs when an application

inadequately distinguishes between input data and command instructions or fails
to effectively validate incoming data. This oversight allows an attacker to run
arbitrary code and access to information stored in the stack or provoke
segmentation faults in the application. The consequence of such an exploit may
induce unforeseen actions that compromise the system's security and reliability.

Rapport of research 1
 Mitigation Techniques:
1. Non-Executable (NX) Bit Utilization: A significant mitigation strategy within
CPU technology is the deployment of the Non-Executable (NX) bit. Its purpose is
to compartmentalize memory into areas designated for code storage and those
for data storage so activating the NX bit for a particular memory segment implies
that the area is non-executable and creating a protective barrier that hinders the
execution of malicious code even in the event of a buffer overflow.

2. Read-only Relocations (RELRO) Implementation: The Read-only Relocations

(RELRO) mechanism is another layer of defense that assigns a read-only
attribute to specific memory sections. In its fully operational state known as Full
RELRO it relocates the Global Offset Table (GOT) into a read-only memory
segment so this relocation prevents unauthorized overwrite attempts enhancing
the system's resilience against such attacks.

3. Integration of Stack Canaries: Stack canaries serve as an effective protective

mechanism by inserting unique values onto the stack prior to the local variables
so these values are subsequently checked for integrity before a function
concludes its execution in the event of a buffer overflow and the canary value is
altered as well as signifying the presence of an overflow therefore the system
can then initiate appropriate response procedures.

4. Adherence to the Position Independent Executable (PIE) Principle: The

Position Independent Executable (PIE) feature allows executables to be loaded
into any memory address without causing relocation issues. When used in
conjunction with Address Space Layout Randomization (ASLR) so PIE increases
the complexity for an attacker attempting to predict target addresses, thereby
mitigating the risk of buffer overflow attacks.

5. Application of Address Space Layout Randomization (ASLR): ASLR is a

protective strategy employed in Linux systems that introduces randomness in
the memory addresses used by key areas of a process and the uncertainty
engendered by this approach makes it considerably more difficult for attackers to
ascertain the precise location for code injection so thereby fortifying the system
against buffer overflow exploits.

Rapport of research 2