module
Unitrends Enterprise Backup bpserverd Privilege Escalation
| Disclosed |
|---|
| Mar 14, 2018 |
Disclosed
Mar 14, 2018
Description
It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd,
has an issue in which its authentication can be bypassed. A remote attacker could use this
issue to execute arbitrary commands with root privilege on the target system.
This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the
localhost by dropping a python script on the local file system. Unitrends stopped
bpserverd from listening remotely on version 10.
has an issue in which its authentication can be bypassed. A remote attacker could use this
issue to execute arbitrary commands with root privilege on the target system.
This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the
localhost by dropping a python script on the local file system. Unitrends stopped
bpserverd from listening remotely on version 10.
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.