Chunked encoding - What is it?

Networking/Security Forums -> Exploits // System Weaknesses

Author: b4rtm4n    Location: Bi Mon Sci Fi Con    Posted: Mon Aug 12, 2002 9:09 pm    Post subject: Chunked encoding - What is it?
    ----
Hi,

Can anyone point out a URL or happen to have a detailed explanation on chunked encoding and how it can be exploited?

Chance for a few of you to show off here!!

Author: ComSec    Posted: Mon Aug 12, 2002 10:33 pm    Post subject:
    ----
Chunked encoding is a means to transfer variable-sized units of data (called chunks) from a web client to a web server. There is an arithmetic error in the way Apache calculates the size of a buffer used to hold a chunk. The result is that Apache allocates a buffer that is too small, allowing an intruder to overflow the buffer.

Buffers used to store chunks are allocated on the heap, and therefore this vulnerability can be called a heap-based buffer overflow. Exploiting a heap-based buffer overflow to gain control of a system can sometimes be more difficult than exploiting other kinds of buffer overflows to gain control. However, the failure is more conducive to gaining control of the system than other typical heap-based buffer overflows.

examples:

http://www.mandrakesecure.net/en/advisories/2002/MDKSA-2002-039.php

http://www.debian.org/security/2002/dsa-133

http://www.suse.de/de/support/security/2002_22_apache.html

also here is a chunked scanner to test servers: it's free

http://www.nstalker.com/defense/Apache-Chunked-Scanner.zip

ComSec
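Added example, not part of the post above and not Apache's code: a minimal chunked-body decoder showing where a receiver has to bound the chunk size before copying, which is the step the post describes going wrong. The names `parse_chunk_size`, `is_crlf` and `dechunk` are hypothetical, and chunk extensions and trailers are assumed absent.

```c
#include <stddef.h>
#include <string.h>

/* Parse the hex chunk-size field. Returns the number of digits consumed,
 * or 0 if there are none or the value would exceed max (no wraparound). */
static size_t parse_chunk_size(const char *p, size_t len, size_t max, size_t *out)
{
    size_t i = 0, v = 0;
    for (; i < len; i++) {
        unsigned char c = (unsigned char)p[i];
        size_t d;
        if (c >= '0' && c <= '9') d = c - '0';
        else if (c >= 'a' && c <= 'f') d = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') d = c - 'A' + 10;
        else break;
        if (d > max || v > (max - d) / 16) return 0;  /* v*16+d > max */
        v = v * 16 + d;
    }
    *out = v;
    return i;
}

static int is_crlf(const char *in, size_t in_len, size_t pos)
{
    return in_len - pos >= 2 && in[pos] == '\r' && in[pos + 1] == '\n';
}

/* Decode a chunked body into out[0..cap). Returns 0 and sets *out_len on
 * success, -1 on malformed, truncated or oversized input. */
int dechunk(const char *in, size_t in_len, char *out, size_t cap, size_t *out_len)
{
    size_t pos = 0, written = 0, size, n;
    for (;;) {
        /* A chunk may claim at most the space still free in out. */
        n = parse_chunk_size(in + pos, in_len - pos, cap - written, &size);
        if (n == 0) return -1;
        pos += n;
        if (!is_crlf(in, in_len, pos)) return -1;
        pos += 2;
        if (size == 0) { *out_len = written; return 0; }  /* last chunk */
        if (size > in_len - pos) return -1;  /* claims more than was received */
        memcpy(out + written, in + pos, size);
        written += size;
        pos += size;
        if (!is_crlf(in, in_len, pos)) return -1;
        pos += 2;
    }
}
```

The size is kept unsigned and checked against the remaining buffer space while it is being parsed, so a signed or oversized value is rejected before it can reach `memcpy`.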

Author: b4rtm4nLocation: Bi Mon Sci Fi Con PostPosted: Tue Aug 13, 2002 10:03 am    Post subject:
    ----
Brilliant! Thank you v much.



All times are GMT + 2 Hours