# Vulnerability Report Summary: Arbitrary File Write Vulnerability in sublinear-time-solver

## Vulnerability Overview

An arbitrary file write vulnerability (CWE-73) was discovered in the `consciousness-explorer` component of the `sublinear-time-solver` project. The vulnerability is in the MCP `export_state` tool: an attacker who can reach the MCP interface over the network can use the unvalidated `filepath` parameter to write JSON state data to an arbitrary path. This can lead to loss of integrity and service disruption, and could allow attackers to overwrite system files.

## Scope of Impact

- **Affected Components**: `src/consciousness-explorer/mcp/server.js` and `src/consciousness-explorer/index.js`
- **Affected Versions**: `sublinear-time-solver` 1.5.0, `consciousness-explorer` 1.1.1 (commit `323a8a9d5573a3a6c3f98e6c7f6a4b2d4f23a8`)
- **Vulnerability Type**: CWE-73 (External Control of File Name or Path)
- **CVSS Score**: 7.1 (High)

## Remediation

1. **Reject Arbitrary Output Paths**: The `export_state` operation should not accept arbitrary paths.
2. **Use a Dedicated Directory**: Store exported state in a dedicated, application-controlled state directory.
3. **Path Validation**: If users are allowed to choose a filename, accept only the base name and reject path separators, absolute paths, `..` segments, symbolic links, and device names.
4. **Resolve Final Path**: Resolve the final path and verify that it remains within the expected export directory.
5. **Secure File Creation Flags**: Use secure file creation flags to avoid inadvertently overwriting existing files.
6. **Regression Testing**: Add regression tests to demonstrate that absolute paths and traversal payloads cannot write outside the expected directory.
7. **Security Advisory**: Once the patch is released, maintainers should publish a security advisory.
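
Remediation steps 2 to 5 can be combined into a single write path, sketched here as an added example that is not the project's own code. The names `EXPORT_DIR`, `resolveExportPath` and `exportState` are hypothetical, and the export directory location is an assumption.

```javascript
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// Assumed export directory; a real deployment would choose its own location.
const EXPORT_DIR = path.join(os.tmpdir(), 'consciousness-exports');

// Windows reserved device names (CON, NUL, COM1, ...), with or without an extension.
const DEVICE_NAME = /^(con|prn|aux|nul|com[0-9]|lpt[0-9])(\..*)?$/i;

// Turn a client-supplied name into a path inside exportDir, or throw.
function resolveExportPath(name, exportDir = EXPORT_DIR) {
  if (typeof name !== 'string' || name.length === 0 || name.length > 128) {
    throw new Error('filename must be a non-empty string of at most 128 characters');
  }
  // Base name only: no separators, NUL bytes, dot segments or device names.
  // This also rejects absolute paths, since they contain a separator.
  if (/[\/\\\0]/.test(name) || name === '.' || name === '..' || DEVICE_NAME.test(name)) {
    throw new Error('filename must be a plain base name');
  }
  fs.mkdirSync(exportDir, { recursive: true, mode: 0o700 });
  const root = fs.realpathSync(exportDir); // resolve symlinks in the directory itself
  const target = path.resolve(root, name);
  // Containment check on the final resolved path.
  if (path.dirname(target) !== root) {
    throw new Error('resolved path escapes the export directory');
  }
  return target;
}

// Write state as JSON. The 'wx' flag (O_CREAT | O_EXCL) fails with EEXIST if the
// path already exists, including when it is a symlink, so nothing is overwritten
// and no link is followed.
function exportState(state, name, exportDir = EXPORT_DIR) {
  const target = resolveExportPath(name, exportDir);
  fs.writeFileSync(target, JSON.stringify(state, null, 2), { flag: 'wx', mode: 0o600 });
  return target;
}
```

The assertions used to check this block double as a starting point for the regression tests in step 6: absolute paths, traversal payloads, device names and pre-existing files or symlinks must all be refused.
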
## Proof of Concept (POC) Code

```json
{"jsonrpc":"2.0","id":1,"method":"tools/call","params":{"name":"export_state","arguments":{"filepath":"/tmp/sublinear_state_poc.json"}}}
```

## Additional Information

- **Discoverer**: BruceJin
- **Discovery Method**: Static analysis (CodeQL), repository source code audit, and manual reproduction (using `mcp-inspector`)
- **Temporary Mitigation Measures**:
  - Do not expose the MCP server to untrusted clients until a fix is available.
  - Restrict access to the `export_state` tool to trusted local users only.
  - Run the MCP server using a dedicated low-privilege OS account and a restricted working directory.
  - Configure file system permissions so that the MCP process cannot write to sensitive locations.