Vulnerability in the Spreadsheet::ParseExcel Perl module used to compromise Barracuda ESG

A critical vulnerability (CVE-2023-7101) has been found in the Spreadsheet::ParseExcel Perl module, which provides functions for parsing Excel files. The flaw allows arbitrary code execution when processing XLS or XLSX files that contain specially crafted number-formatting rules. The vulnerability is caused by the use of data taken from the file being processed when constructing an "eval" call. The issue is fixed in the Spreadsheet::ParseExcel 0.66 update. A prototype exploit is available.

Vulnerable code:

    if ( $format_str =~ /^\[([<>=][^\]]+)\](.*)$/ ) {
        $conditional = $1;
        $format_str = $2;
    }
    …
    $section = eval "$number $conditional" ? 0 : 1;

Example exploit that executes the whoami command:

    123;system('whoami > /tmp/inject.txt')]123"/>

The vulnerability was discovered by Barracuda Networks while investigating a malware attack on Barracuda ESG (Email Security Gateway) appliances. The appliances were compromised through a zero-day vulnerability (CVE-2023-7102) in the Spreadsheet::ParseExcel module, which Barracuda ESG uses to parse Excel email attachments. To run malicious code on systems using Barracuda ESG, it was enough to send an email with a specially crafted attachment.
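
As an added example (not from the original article or from the Spreadsheet::ParseExcel project), the following Python pre-filter applies the same leading-conditional pattern to the custom number formats in an XLSX file's xl/styles.xml and flags any conditional that is not a comparison operator followed by a number. The function names, the strict pattern, the size limit and the sample data are assumptions constructed for illustration; legacy binary XLS files are not covered.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET
from xml.sax.saxutils import quoteattr

# Same pattern the vulnerable code uses to split off a leading [conditional].
LEADING_COND = re.compile(r"^\[([<>=][^\]]+)\](.*)$")
# Assumed strict shape: a comparison operator followed by one numeric literal.
SAFE_COND = re.compile(r"^(<=|>=|<>|<|>|=)\s*-?\d+(\.\d+)?$")
NS = "{http://schemas.openxmlformats.org/spreadsheetml/2006/main}"
MAX_STYLES = 5 * 1024 * 1024  # assumed cap on the declared size of the styles part

def audit_format(format_str):
    """Return the captured conditional if it is not operator+number, else None."""
    m = LEADING_COND.match(format_str)
    if m and not SAFE_COND.match(m.group(1).strip()):
        return m.group(1)
    return None

def scan_xlsx(data):
    """Return [(numFmtId, conditional)] for suspicious custom number formats."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        if "xl/styles.xml" not in zf.namelist():
            return []
        if zf.getinfo("xl/styles.xml").file_size > MAX_STYLES:
            raise ValueError("styles part too large")
        # For untrusted mail in production, use a hardened parser, e.g. defusedxml.
        root = ET.fromstring(zf.read("xl/styles.xml"))
    hits = []
    for fmt in root.iter(NS + "numFmt"):
        bad = audit_format(fmt.get("formatCode", ""))
        if bad is not None:
            hits.append((fmt.get("numFmtId"), bad))
    return hits

def build_sample(format_codes):
    """Constructed input: a zip holding only a minimal xl/styles.xml."""
    fmts = "".join('<numFmt numFmtId="%d" formatCode=%s/>' % (164 + i, quoteattr(c))
                   for i, c in enumerate(format_codes))
    xml = '<styleSheet xmlns="%s"><numFmts>%s</numFmts></styleSheet>' % (NS[1:-1], fmts)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/styles.xml", xml)
    return buf.getvalue()

# Constructed samples: two ordinary formats and one non-numeric conditional.
SAMPLE = build_sample(["[>=100]0.00;0.0", "[Red]0.00", "[>1;not_a_number()]0"])
```

A filter like this complements updating to Spreadsheet::ParseExcel 0.66 and does not replace it.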

Source: opennet.ru
