mozzwald Posted February 8

A vulnerability has been found in the TNFSD server that can allow a person to get directory listings outside of the configured TNFS root directory. We were notified of the issue on Jan 31, 2023 and have been working on a fix since that time. The fix is now available as source code and binaries in our Github repo (https://github.com/FujiNetWIFI/spectranet). Binaries at https://fujinet.online/download have also been updated. Anyone running a publicly available TNFS server should update their TNFSD server immediately.

The issue occurs when requesting a directory listing with ".." which can allow viewing the file listing in directories above the TNFS root. In our testing we were not able to download or view contents of any files outside of the TNFS root, only get directory listings. The bugfix compares the absolute path of the TNFS root directory with the absolute path of the requested directory and if the requested directory is not inside the TNFS root it will return a listing of the root directory instead. This has been tested on Windows 10 64Bit, Linux 64bit and Raspberry Pi 3B+ armhf.

We have also overlooked the fact that the Linux version of TNFSD has built in chroot capabilities already which would prevent this bug from happening in the old vulnerable version. Linux users can run the server with the '-c [username]' flag to start it in its own chroot (ex: sudo tnfsd /home/tnfs -c tnfs) and we recommend using this option going forward. Windows users do not have the chroot option and must use the updated TNFSD binary.

For Linux users running the server with systemd, this is an example script with chroot:

    [Unit]
    Description=TNFS Server
    After=remote-fs.target
    After=syslog.target

    # replace /tnfs with your TNFS directory
    [Service]
    User=root
    Group=root
    ExecStart=/usr/local/sbin/tnfsd /tnfs -c tnfs

    [Install]
    WantedBy=multi-user.target

We hope our transparency and action to fix the issue shows our commitment to security and to keeping your trust. Thank you for your understanding.
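The root-containment check the post describes (resolve both the root and the requested directory to absolute paths, and fall back to the root when the request lands outside it), written as an added illustration in C. This is not tnfsd's own code; it assumes POSIX realpath() and a constructed temporary directory tree, and the function names inside_root / safe_listing_dir are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Return 1 if the resolved path of `requested` is the resolved `root` or lies
 * below it, 0 if it escapes the root or cannot be resolved. realpath() also
 * follows symlinks, so both paths must exist on disk. */
int inside_root(const char *root, const char *requested) {
    char rootabs[PATH_MAX], reqabs[PATH_MAX];
    if (!realpath(root, rootabs) || !realpath(requested, reqabs))
        return 0;
    size_t rl = strlen(rootabs);
    if (strncmp(reqabs, rootabs, rl) != 0)
        return 0;
    /* Prefix must end at a path-component boundary: /tnfs must not accept /tnfsdata. */
    return reqabs[rl] == '\0' || reqabs[rl] == '/' || strcmp(rootabs, "/") == 0;
}

/* Join a client-supplied directory onto the root; if the result escapes the
 * root, hand back the root itself, which is the fallback the post describes. */
const char *safe_listing_dir(const char *root, const char *client_path,
                             char *out, size_t outlen) {
    snprintf(out, outlen, "%s/%s", root, client_path);
    if (!inside_root(root, out))
        snprintf(out, outlen, "%s", root);
    return out;
}

/* Constructed fixture: a temp tree root/games plus a sibling "rootx" whose
 * name shares the root's prefix. Returns 1 when every check behaves as expected. */
int demo(void) {
    char tmpl[] = "/tmp/tnfsdemoXXXXXX";
    char *base = mkdtemp(tmpl);
    if (!base) return -1;
    char root[PATH_MAX], sub[PATH_MAX], sibling[PATH_MAX], buf[PATH_MAX];
    snprintf(root, sizeof root, "%s/root", base);
    snprintf(sub, sizeof sub, "%s/root/games", base);
    snprintf(sibling, sizeof sibling, "%s/rootx", base);
    mkdir(root, 0700); mkdir(sub, 0700); mkdir(sibling, 0700);
    int ok = 1;
    ok &= strcmp(safe_listing_dir(root, "games", buf, sizeof buf), sub) == 0;       /* stays inside */
    ok &= strcmp(safe_listing_dir(root, "..", buf, sizeof buf), root) == 0;         /* ".." -> root */
    ok &= strcmp(safe_listing_dir(root, "games/../..", buf, sizeof buf), root) == 0; /* nested ".." */
    ok &= inside_root(root, sibling) == 0;                                          /* prefix trick */
    rmdir(sibling); rmdir(sub); rmdir(root); rmdir(base);
    return ok;
}
```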