{"id":"UBUNTU-CVE-2017-1000203","details":"ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution","modified":"2026-04-22T11:09:29.542255Z","published":"2017-11-17T15:29:00Z","related":["USN-4801-1"],"upstream":["CVE-2017-1000203"],"references":[{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2017-1000203"},{"type":"REPORT","url":"https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145#diff-6cd6f6c31bac70116b7ca7abdc8e517e"},{"type":"REPORT","url":"https://www.cve.org/CVERecord?id=CVE-2017-1000203"},{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-4801-1"}],"affected":[{"package":{"name":"root-system","ecosystem":"Ubuntu:Pro:14.04:LTS","purl":"pkg:deb/ubuntu/root-system@5.34.14-1ubuntu0.1~esm1?arch=source&distro=trusty/esm"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.34.14-1ubuntu0.1~esm1"}]}],"versions":["5.34.09-1","5.34.10-1","5.34.14-1","5.34.14-1build1"],"ecosystem_specific":{"binaries":[{"binary_name":"libroot-bindings-python5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-bindings-ruby5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-core5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-geom5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf2d-gpad5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf2d-graf5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf2d-postscript5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf3d-eve5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf3d-g3d5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-graf3d-gl5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-gui-ged5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-gui5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-hist-spectrum5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-hist5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-html5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-io-xmlparser5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-io5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-foam5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-genvector5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-mathcore5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-mathmore5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-matrix5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-minuit5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-mlp5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-physics5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-quadp5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-smatrix5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-splot5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-math-unuran5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-misc-memstat5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-misc-minicern5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-misc-table5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-montecarlo-eg5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-montecarlo-vmc5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-net-auth5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-net-bonjour5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-net-ldap5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-net5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-proof-proofplayer5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-proof5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-roofit5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-static","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-tmva5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-tree-treeplayer5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"libroot-tree5.34","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-geom-gdml","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-geom-geombuilder","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-geom-geompainter","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-graf2d-asimage","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-graf2d-qt","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-graf2d-x11","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-graf3d-x3d","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-gui-fitpanel","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-gui-guibuilder","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-gui-qt","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-gui-sessionviewer","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-hist-hbook","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-hist-histpainter","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-hist-spectrumpainter","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-io-sql","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-io-xml","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-math-fftw3","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-math-fumili","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-math-minuit2","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-montecarlo-pythia8","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-net-globus","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-net-krb5","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-sql-mysql","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-sql-odbc","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-sql-pgsql","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-plugin-tree-treeviewer","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-system","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-system-bin","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-system-common","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-system-proofd","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"root-system-rootd","binary_version":"5.34.14-1ubuntu0.1~esm1"},{"binary_name":"ttf-root-installer","binary_version":"5.34.14-1ubuntu0.1~esm1"}],"availability":"Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000203.json"}},{"package":{"name":"root-system","ecosystem":"Ubuntu:Pro:16.04:LTS","purl":"pkg:deb/ubuntu/root-system@5.34.30-0ubuntu8+esm1?arch=source&distro=esm-apps/xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.34.30-0ubuntu8+esm1"}]}],"versions":["5.34.30-0ubuntu3","5.34.30-0ubuntu5","5.34.30-0ubuntu6","5.34.30-0ubuntu7","5.34.30-0ubuntu8"],"ecosystem_specific":{"binaries":[{"binary_name":"libroot-bindings-python5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-bindings-ruby5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-core5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-geom5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf2d-gpad5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf2d-graf5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf2d-postscript5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf3d-eve5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf3d-g3d5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-graf3d-gl5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-gui-ged5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-gui5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-hist-spectrum5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-hist5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-html5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-io-xmlparser5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-io5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-foam5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-genvector5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-mathcore5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-mathmore5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-matrix5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-minuit5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-mlp5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-physics5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-quadp5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-smatrix5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-splot5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-math-unuran5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-misc-memstat5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-misc-minicern5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-misc-table5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-montecarlo-eg5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-montecarlo-vmc5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-net-auth5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-net-bonjour5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-net-ldap5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-net5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-proof-proofplayer5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-proof5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-roofit5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-static","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-tmva5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-tree-treeplayer5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"libroot-tree5.34","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-geom-gdml","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-geom-geombuilder","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-geom-geompainter","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-graf2d-asimage","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-graf2d-qt","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-graf2d-x11","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-graf3d-x3d","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-gui-fitpanel","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-gui-guibuilder","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-gui-qt","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-gui-sessionviewer","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-hist-hbook","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-hist-histpainter","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-hist-spectrumpainter","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-io-sql","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-io-xml","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-math-fftw3","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-math-fumili","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-math-minuit2","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-montecarlo-pythia8","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-net-globus","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-net-krb5","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-sql-mysql","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-sql-odbc","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-sql-pgsql","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-plugin-tree-treeviewer","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-system","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-system-bin","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-system-common","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-system-proofd","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"root-system-rootd","binary_version":"5.34.30-0ubuntu8+esm1"},{"binary_name":"ttf-root-installer","binary_version":"5.34.30-0ubuntu8+esm1"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-1000203.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},{"type":"Ubuntu","score":"medium"}]}