Unitrends Enterprise Backup bpserverd Privilege Escalation

It was discovered that the Unitrends bpserverd proprietary protocol, as exposed via xinetd, has an issue in which its authentication can be bypassed. A remote attacker could use this issue to execute arbitrary commands with root privilege on the target system. This is very similar to exploits/linux/misc/ueb9_bpserverd however it runs against the localhost by dropping a python script on the local file system. Unitrends stopped bpserverd from listening remotely on version 10.

Link: https://packetstormsecurity.com/files/150502/ueb_bpserverd_privesc.rb.txt