
An in-depth study of bypassing BOF mitigation techniques
Introduction
Modern computing systems, with their growing dependence on evolving hardware
infrastructure and on the internet, face rising code complexity. This complexity
often produces vulnerabilities that go unnoticed for long periods and cause
significant damage. Programmers, whether through time pressure, lack of awareness
or reliance on old code, can inadvertently create or perpetuate these vulnerabilities.
There are many classes of software vulnerability: SQL injection, cross-site
scripting, buffer overflow, race conditions, integer overflow, OS command injection,
missing authentication and path traversal. Any of them, even the smallest, can lead
to severe consequences such as financial, intellectual-property or data loss. High-
profile examples include the SWIFT-based bank heist that cost US$81 million, the
2014 Home Depot breach that exposed 56 million credit and debit card numbers, and
the 2017 Equifax breach that affected approximately 147 million individuals.
This study focuses on buffer overflow (BOF), a vulnerability class more than thirty
years old that still causes a significant number of security breaches. Called the
"vulnerability of the decade" for 1988-1998, it was still the most frequently reported
vulnerability type in the Common Vulnerabilities and Exposures (CVE) list for 2019,
with over 400 entries. By May 2021 the CVE database listed over 13,700 buffer
overflow vulnerabilities, indicating that the count is still growing over time.

Figure 1. Buffer Overflow Statistics in CVE.



Numerous security incidents have occurred as a result of buffer overflow
vulnerabilities. Tables 1 and 2 provide a selection of the most notable attacks
associated with this issue.

Table 1. Most Prominent Attacks Caused by BOF.

Table 2. Most Prominent Buffer Overflow Vulnerabilities.

Stack-based buffer overflow


Stack-based buffer overflow is the most common type of buffer overflow (BOF); it
corrupts the function stack frame (FSF), also called the function activation record.
To understand this class of vulnerability it is essential to grasp the fundamentals of
the process address space and the stack layout, since both directly determine how
stack buffers can be abused.

Process Stack
In the x86-64 architecture the stack sits near the top of the user-mode address
space (on Linux just below 0x00007fffffffffff, with its exact base randomised by
ASLR) and grows towards lower addresses; it holds the function activation records.
Under the x86-64 calling convention the first integer arguments are passed in
registers and any remaining ones are pushed onto the stack. Buffer overflow attacks
typically work by overwriting the return address that a procedure call stored in the
function stack frame. This is common in C and C++ because neither language performs
automatic bounds checking, both allow direct manipulation of data and memory, and
many C library functions (strcpy, gets, sprintf and similar) copy into a destination
without knowing its size.

Function Stack Frame (FSF)

Stack smashing is the prevalent strategy for exploiting local buffers allocated on
the stack. It requires a vulnerable program and a way to inject attacker-controlled
bytes into its address space. Knowing the stack layout, the attacker overwrites the
return address of the current Function Stack Frame (FSF) with the address of the
injected code, so that when the function returns, execution continues in the
attacker's payload instead of in the caller. With this code-injection attack the
attacker runs arbitrary code in the context of the victim process and, with sufficient
privileges, gains remote access to the host. The layout of the input string is
crucial: the bytes that land on the saved return address must be exactly the starting
address of the injected shellcode, so the attacker needs the precise offset from the
start of the buffer to the saved return address in the FSF.
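The following C program is an added illustration for the Process Stack and Stack smashing sections above; it is not code from the original page. It models one x86-64 stack frame (a 64-byte local buffer, the saved rbp, then the saved return address) as a plain byte array so the overwrite can be observed without crashing the host, reproduces strcpy's copy-until-NUL behaviour on that model, and contrasts it with a length-checked copy. The buffer size, the addresses and the constructed payload are assumptions chosen for the demonstration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed frame layout for a function with one 64-byte local buffer:
 *   [0, 64)   char buf[64]
 *   [64, 72)  saved rbp (pushed by the function prologue)
 *   [72, 80)  saved return address (pushed by the caller's 'call')
 * Real binaries add alignment padding and, with -fstack-protector, a
 * canary below the saved rbp; the offset is then found with a cyclic
 * pattern rather than computed by hand. */
#define BUF_SIZE   64
#define RET_OFFSET (BUF_SIZE + 8)
#define FRAME_SIZE (RET_OFFSET + 8)

typedef struct { uint8_t bytes[FRAME_SIZE]; } frame_t;

/* Little-endian encode/decode so the model is host-endian independent. */
static void put64le(uint8_t *p, uint64_t v) {
    for (int i = 0; i < 8; i++) p[i] = (uint8_t)(v >> (8 * i));
}
static uint64_t get64le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

uint64_t frame_ret(const frame_t *f) { return get64le(f->bytes + RET_OFFSET); }

/* Vulnerable pattern: strcpy semantics into buf, i.e. copy until the NUL
 * terminator with no knowledge of the destination size. The FRAME_SIZE
 * check only protects the model array; a real strcpy keeps writing past
 * the return address. Returns the number of bytes copied. */
size_t unsafe_copy(frame_t *f, const char *input) {
    size_t i = 0;
    while (input[i] != '\0' && i < FRAME_SIZE) {
        f->bytes[i] = (uint8_t)input[i];
        i++;
    }
    if (i < FRAME_SIZE) f->bytes[i] = 0;   /* strcpy also writes the NUL */
    return i;
}

/* Hardened form: refuse any input that does not fit buf with its NUL. */
int safe_copy(frame_t *f, const char *input) {
    size_t n = strlen(input);
    if (n >= BUF_SIZE) return -1;
    memcpy(f->bytes, input, n + 1);
    return 0;
}

/* Classic payload: filler up to the saved return address, then the
 * attacker's target (e.g. the start of the shellcode) in little-endian
 * order. 0x90 (NOP) filler doubles as a sled if the target lands in it.
 * Returns the length strcpy would actually copy, i.e. strlen(out). */
size_t build_payload(char *out, size_t cap, uint64_t target) {
    if (cap < FRAME_SIZE + 1) return 0;
    memset(out, 0x90, RET_OFFSET);
    put64le((uint8_t *)out + RET_OFFSET, target);
    out[FRAME_SIZE] = '\0';
    return strlen(out);
}

/* Build a frame whose saved return address is original_ret, deliver the
 * payload through the vulnerable copy and report what 'ret' would now
 * jump to. */
uint64_t demo_overflow(uint64_t original_ret, uint64_t target) {
    frame_t f;
    char payload[FRAME_SIZE + 1];
    memset(f.bytes, 0, sizeof f.bytes);
    put64le(f.bytes + RET_OFFSET, original_ret);
    build_payload(payload, sizeof payload, target);
    unsafe_copy(&f, payload);
    return frame_ret(&f);
}

int main(void) {
    /* Constructed addresses: a typical PIE text address and a stack address. */
    uint64_t orig = 0x0000555555555189ULL;
    printf("ret after overflow:  0x%016llx\n",
           (unsigned long long)demo_overflow(orig, 0x00007fffffffe010ULL));
    /* A target with a NUL in its low bytes is truncated by strcpy. */
    printf("ret with NUL target: 0x%016llx\n",
           (unsigned long long)demo_overflow(orig, 0x00007fff00401000ULL));
    return 0;
}
```

Canonical x86-64 user addresses have their top two bytes zero, so the payload string ends before the full eight-byte slot: strcpy copies six bytes plus a terminating NUL and the eighth byte keeps the zero it already held, which is why such addresses still land intact. A target with a zero in its low bytes (the second call) stops the copy early and only partially overwrites the slot; this is why both shellcode and the addresses placed in a strcpy-delivered payload have to be NUL-free.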

This study has collected research data published since 1989 and compares the
studies against selected benchmarks covering all significant aspects of BOF attacks.

Literature Review.
