The Community Forums


Found an XML bomb in /home/cpeasyapache directory...

Discussion in 'EasyApache' started by gkgcpanel, Nov 15, 2010.

  1. gkgcpanel

    gkgcpanel Well-Known Member

    Joined:
    Jun 6, 2007
    Messages:
    217
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    DataCenter Provider
    During one of our security scans, the following was returned:

    /home/cpeasyapache/src/libxml2-2.7.6/test/recurse/good.xml XML bomb
    /home/cpeasyapache/src/libxml2-2.7.6/test/recurse/goodattr.xml XML bomb

    So, I took a look in that directory:

    drwxr-xr-x 2 root root 4096 Sep 24 2009 ./
    drwxr-xr-x 29 root root 4096 Sep 24 2009 ../
    -rw-r--r-- 1 root root 23803 Sep 24 2009 goodattr.xml
    -rw-r--r-- 1 root root 23765 Sep 24 2009 good.xml
    -rw-r--r-- 1 root root 1707 Sep 24 2009 lol1.xml
    -rw-r--r-- 1 root root 1723 Sep 24 2009 lol2.xml
    -rw-r--r-- 1 root root 1659 Sep 24 2009 lol3.dtd
    -rw-r--r-- 1 root root 86 Sep 24 2009 lol3.xml
    -rw-r--r-- 1 root root 485 Sep 24 2009 lol4.patch
    -rw-r--r-- 1 root root 41408 Sep 24 2009 lol4.xml
    -rw-r--r-- 1 root root 1585 Sep 24 2009 lol5.xml
    -rw-r--r-- 1 root root 53243 Sep 24 2009 lol6.xml


    What the hell are all the lol?.xml files... ? Looking at them, they all contain:

    <?xml version="1.0"?>
    <!DOCTYPE billion [
    <!ELEMENT billion (#PCDATA)>
    <!ENTITY laugh0 "ha">
    <!ENTITY laugh1 "&laugh0;&laugh0;">
    <!ENTITY laugh2 "&laugh1;&laugh1;">
    <!ENTITY laugh3 "&laugh2;&laugh2;">
    <!ENTITY laugh4 "&laugh3;&laugh3;">
    <!ENTITY laugh5 "&laugh4;&laugh4;">
    <!ENTITY laugh6 "&laugh5;&laugh5;">
    <!ENTITY laugh7 "&laugh6;&laugh6;">
    <!ENTITY laugh8 "&laugh7;&laugh7;">
    <!ENTITY laugh9 "&laugh8;&laugh8;">
    <!ENTITY laugh10 "&laugh9;&laugh9;">
    <!ENTITY laugh11
    "&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;&laugh10;">
    <!ENTITY laugh12
    "&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;&laugh11;">
    <!ENTITY laugh13
    "&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;&laugh12;">
    ]>
    <billion>&laugh13;</billion>


    The 2 other files: good.xml and goodattr.xml contain:

    <!DOCTYPE foo [
    <!ENTITY f "some internal data">
    <!ENTITY e "&f;&f;">
    <!ENTITY d "&e;&e;">
    ]>
    <foo>&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;
    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;

    ....

    &d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;&d;</foo>


    Since this is in the /home/cpeasyapache directory, I had assumed it has something to do with EasyApache, but now I'm not so sure...

    Anyone else ever see this? cPanel???

    Thanks,
    Peter
     
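As an added example (not code from the thread, from cPanel or from libxml2), here is a small Python check that does what a scanner flagging these files is doing: it reads the internal-DTD entity declarations and computes the fully expanded size from the declarations alone, without ever expanding the text, so a "billion laughs" document is recognised before any parser is asked to expand it. The sample document, the function names and the thresholds are constructed for the example; external and parameter entities are out of scope.

```python
import re

# Constructed sample with the same shape as the lol?.xml files from the thread,
# cut down to four levels so it stays small.
SAMPLE = """<?xml version="1.0"?>
<!DOCTYPE billion [
<!ELEMENT billion (#PCDATA)>
<!ENTITY laugh0 "ha">
<!ENTITY laugh1 "&laugh0;&laugh0;">
<!ENTITY laugh2 "&laugh1;&laugh1;">
<!ENTITY laugh3 "&laugh2;&laugh2;">
]>
<billion>&laugh3;&laugh3;</billion>
"""

# Internal general entities only (no "%" parameter entities, no SYSTEM/PUBLIC).
ENTITY_DECL = re.compile(r'<!ENTITY\s+(\w+)\s+"([^"]*)"')
ENTITY_REF = re.compile(r"&(\w+);")


def entity_sizes(doc):
    """Expanded size in characters of every declared entity, computed by
    recursion over the declarations; the replacement text is never built."""
    decls = dict(ENTITY_DECL.findall(doc))
    memo = {}

    def size(name, stack=()):
        if name in stack:
            raise ValueError(f"entity {name} references itself")
        if name not in decls:  # predefined (&amp; ...) or undeclared: count as one char
            return 1
        if name not in memo:
            body = decls[name]
            total = len(ENTITY_REF.sub("", body))  # literal text in the replacement
            total += sum(size(ref, stack + (name,)) for ref in ENTITY_REF.findall(body))
            memo[name] = total
        return memo[name]

    return {name: size(name) for name in decls}


def expanded_size(doc):
    """Size of the content after the DTD once every reference is expanded."""
    sizes = entity_sizes(doc)
    end = doc.find("]>")
    content = doc[end + 2:] if end != -1 else doc
    return len(ENTITY_REF.sub("", content)) + sum(
        sizes.get(ref, 1) for ref in ENTITY_REF.findall(content))


def is_entity_bomb(doc, max_ratio=100, max_bytes=10_000_000):
    """Flag a document whose expansion exceeds either an absolute size or a
    ratio to the raw file size (both thresholds are constructed defaults)."""
    expanded = expanded_size(doc)
    return expanded > max_bytes or expanded > max_ratio * len(doc)
```

Run against the declarations in the lol?.xml listing above, the same arithmetic shows why a handful of kilobytes on disk is flagged: each laugh level doubles (or, for laugh11 and up, multiplies by 42) the size of the level below it.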
  2. RCraft

    RCraft Well-Known Member

    Joined:
    Nov 7, 2010
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Well, that's interesting. Can you provide more details about your server setup as far as security, software versions, etc?
     
  3. Infopro

    Infopro cPanel Sr. Product Evangelist
    Staff Member

    Joined:
    May 20, 2003
    Messages:
    14,478
    Likes Received:
    203
    Trophy Points:
    63
    Location:
    Pennsylvania
    cPanel Access Level:
    Root Administrator
    Twitter:
  4. cPanelKenneth

    cPanelKenneth cPanel Development
    Staff Member

    Joined:
    Apr 7, 2006
    Messages:
    4,461
    Likes Received:
    22
    Trophy Points:
    38
    cPanel Access Level:
    Root Administrator
    These are test files distributed by LibXML. You can verify by:

    1. Downloading libxml-2.7.6 from ftp://xmlsoft.org/libxml2/libxml2-2.7.6.tar.gz
    2. Unpacking the archive
    3. Checking the contents of the files in libxml-2.7.6/test/recurse

    It appears your security scan is returning a false positive.
     