
In addition to fingerprinting the app doing the conversion, it will also tell you a few other things.
So there is no guarantee, but it could be useful in determining whether you might want to try some older Libre CVEs or not.

Also worth noting is that recently Libre started to put a git hash as their version, so INFO("release") will help you find the exact versions of the software being used. The check on OpenOffice is due to Libre's fork off of OpenOffice and eventually adding a resulting #N/A if you call an Excel INFO function that is not supported by OO/Libre. Where cell c4 is =INFO("DIRECTORY")

Here are the fingerprints we ended up using:

These small nuances provide the opportunity to create an XLSX file that can be used to get a better idea of what is processing the spreadsheets on the server. OpenOffice and older versions of Libre return an error for INFO functions they do not support, whereas LibreOffice after 2015 will display "#N/A". The =INFO("osversion") function has a hard-coded value for OpenOffice/LibreOffice. This is a useful identifier for a few reasons. Most spreadsheet specs, such as XLSX or ODS, provide you with the INFO functions to give you some information about the software or system that opened the spreadsheet.

An important observation to note here is that many websites we came across allowed any LibreOffice-supported file type to be rendered, despite limiting file extensions client-side. We used the following two methods to identify and fingerprint the document rendering service on multiple websites. Many companies rely on LibreOffice to export common document formats to HTML/PDF because it allows headless file conversions.
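A defensive counterpart to the INFO-based fingerprinting described above, as an added example that is not from the original writeup: a pre-conversion check that lists INFO() calls in an uploaded XLSX so the upload can be flagged or logged before it reaches a headless converter. The function names, the size cap and the sample archive are assumptions constructed for illustration.

```python
import html
import io
import re
import zipfile

MAX_PART_BYTES = 8 * 1024 * 1024  # assumed cap on one uncompressed sheet part
# XLSX stores cell formulas in <f> elements of the xl/worksheets/*.xml parts.
FORMULA = re.compile(rb"<(?:\w+:)?f\b[^>]*>(.*?)</(?:\w+:)?f>", re.DOTALL)
INFO_CALL = re.compile(r'\bINFO\s*\(\s*"([^"]*)"\s*\)', re.IGNORECASE)


def find_info_calls(xlsx_bytes):
    """Return sorted (sheet part, INFO argument) pairs found in cell formulas."""
    hits = set()
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as archive:
        for entry in archive.infolist():
            name = entry.filename
            if not (name.startswith("xl/worksheets/") and name.endswith(".xml")):
                continue
            if entry.file_size > MAX_PART_BYTES:
                raise ValueError(f"{name} exceeds size cap")
            data = archive.read(entry)
            for match in FORMULA.finditer(data):
                # Quotes may be stored as &quot; in the XML, so unescape first.
                formula = html.unescape(match.group(1).decode("utf-8", "replace"))
                for call in INFO_CALL.finditer(formula):
                    hits.add((name, call.group(1).lower()))
    return sorted(hits)


def build_sample():
    """Constructed XLSX-like archive with one sheet part, for demonstration only."""
    sheet = (
        '<worksheet xmlns="http://schemas.openxmlformats.org/spreadsheetml/2006/main">'
        '<sheetData><row r="1">'
        '<c r="A1"><f>INFO("osversion")</f></c>'
        '<c r="B1"><f>INFO(&quot;DIRECTORY&quot;)</f></c>'
        '<c r="C1"><f>SUM(1,2)</f></c>'
        "</row></sheetData></worksheet>"
    )
    buffer = io.BytesIO()
    with zipfile.ZipFile(buffer, "w") as archive:
        archive.writestr("xl/worksheets/sheet1.xml", sheet)
    return buffer.getvalue()


if __name__ == "__main__":
    for part, arg in find_info_calls(build_sample()):
        print(part, arg)
```

Because the writeup notes that sites accepted any LibreOffice-supported file type regardless of client-side extension limits, a check like this only covers the XLSX case and belongs alongside server-side file type validation.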
LibreOffice's GitHub project has over 500k commits, including code that has not been updated in many years. LibreOffice is an open-source fork of OpenOffice, and with some Google searches you can see there are several critical CVEs for it from the past few weeks alone. We believe our research here is not final, and encourage others to look into this area. The unintended misuse of the Python-UNO bridge by the popular package unoconv resulted in CVE-2019-17400. This writeup covers our efforts to fingerprint LibreOffice, LibreOffice file detection (and abuse) and misuse of the LibreOffice Python-UNO bridge.

In our attempt to fingerprint LibreOffice as a PDF rendering service, we identified multiple implementation vulnerabilities.

Slack has confirmed that no customer data was accessed using this bug. The security of file sharing is critically important to Slack and its users, and we worked with the research team to quickly implement a fix within 24 hours of receiving the report.

Slack would like to thank the researchers for their work to increase the security of the open source tool LibreOffice and their responsible disclosure to Slack.
