Unprotected QNX qconn Service

This script is Copyright (C) 2010-2013 Tenable Network Security, Inc.


Synopsis :

Arbitrary commands can be run on this port.

Description :

A QNX qconn service is running on this host.

QNX plans to add some authentication to qconn. Meanwhile, qconn
should be used only in development phase.

Through this service, it is possible to upload and execute arbitrary
code on the host. An attacker can use this service to take complete
control of the affected device.

See also :

http://www.nessus.org/u?979f54af
http://www.nessus.org/u?9468f6f3

Solution :

Filter incoming traffic to this port, disable the service, or contact
the device's vendor for a patch.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Service detection

Nessus Plugin ID: 48354 ()

Bugtraq ID:

CVE ID: