Detections
Analytics

Ubuntu 16.04 ESM : ROOT vulnerability (USN-4801-1)

high Nessus Plugin ID 183543

Language:

Synopsis

The remote Ubuntu host is missing a security update.

Description

The remote Ubuntu 16.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-4801-1 advisory.

 - ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution (CVE-2017-1000203)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://ubuntu.com/security/notices/USN-4801-1

Plugin Details

Severity: High

ID: 183543

File Name: ubuntu_USN-4801-1.nasl

Version: 1.0

Type: local

Agent: unix

Published: 10/20/2023

Updated: 10/20/2023

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 6.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2017-1000203

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:canonical:ubuntu_linux:root-plugin-gui-fitpanel, cpe:/o:canonical:ubuntu_linux:16.04:-:esm, p-cpe:/a:canonical:ubuntu_linux:libroot-bindings-python-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-bindings-python5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-bindings-ruby-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-bindings-ruby5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-core-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-core5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-geom-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-geom5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-gpad-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-gpad5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-graf-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-graf5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-postscript-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf2d-postscript5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-eve-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-eve5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-g3d-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-g3d5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-gl-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-graf3d-gl5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-gui-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-gui-ged-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-gui-ged5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-gui5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-hist-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-hist-spectrum-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-hist-spectrum5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-hist5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-html-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-html5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-io-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-io-xmlparser-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-io-xmlparser5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-io5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-foam-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-foam5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-genvector-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-genvector5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mathcore-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mathcore5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mathmore-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mathmore5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-matrix-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-matrix5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-minuit-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-minuit5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mlp-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-mlp5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-physics-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-physics5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-quadp-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-quadp5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-smatrix-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-smatrix5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-splot-dev, p-cpe:/a:canonical:ubuntu_linux:root-plugin-gui-guibuilder, p-cpe:/a:canonical:ubuntu_linux:root-plugin-gui-qt, p-cpe:/a:canonical:ubuntu_linux:root-plugin-gui-sessionviewer, p-cpe:/a:canonical:ubuntu_linux:root-plugin-hist-hbook, p-cpe:/a:canonical:ubuntu_linux:root-plugin-hist-histpainter, p-cpe:/a:canonical:ubuntu_linux:root-plugin-hist-spectrumpainter, p-cpe:/a:canonical:ubuntu_linux:root-plugin-io-sql, p-cpe:/a:canonical:ubuntu_linux:root-plugin-io-xml, p-cpe:/a:canonical:ubuntu_linux:root-plugin-math-fftw3, p-cpe:/a:canonical:ubuntu_linux:root-plugin-math-fumili, p-cpe:/a:canonical:ubuntu_linux:root-plugin-math-minuit2, p-cpe:/a:canonical:ubuntu_linux:root-plugin-montecarlo-pythia8, p-cpe:/a:canonical:ubuntu_linux:root-plugin-net-globus, p-cpe:/a:canonical:ubuntu_linux:root-plugin-net-krb5, p-cpe:/a:canonical:ubuntu_linux:root-plugin-sql-mysql, p-cpe:/a:canonical:ubuntu_linux:root-plugin-sql-odbc, p-cpe:/a:canonical:ubuntu_linux:root-plugin-sql-pgsql, p-cpe:/a:canonical:ubuntu_linux:root-plugin-tree-treeviewer, p-cpe:/a:canonical:ubuntu_linux:root-system, p-cpe:/a:canonical:ubuntu_linux:root-system-bin, p-cpe:/a:canonical:ubuntu_linux:root-system-common, p-cpe:/a:canonical:ubuntu_linux:root-system-proofd, p-cpe:/a:canonical:ubuntu_linux:root-system-rootd, p-cpe:/a:canonical:ubuntu_linux:ttf-root-installer, p-cpe:/a:canonical:ubuntu_linux:libroot-math-splot5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-math-unuran-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-math-unuran5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-memstat-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-memstat5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-minicern-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-minicern5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-table-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-misc-table5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-montecarlo-eg-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-montecarlo-eg5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-montecarlo-vmc-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-montecarlo-vmc5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-net-auth-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-net-auth5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-net-bonjour-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-net-bonjour5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-net-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-net-ldap-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-net-ldap5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-net5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-proof-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-proof-proofplayer-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-proof-proofplayer5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-proof5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-roofit-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-roofit5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-static, p-cpe:/a:canonical:ubuntu_linux:libroot-tmva-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-tmva5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-tree-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-tree-treeplayer-dev, p-cpe:/a:canonical:ubuntu_linux:libroot-tree-treeplayer5.34, p-cpe:/a:canonical:ubuntu_linux:libroot-tree5.34, p-cpe:/a:canonical:ubuntu_linux:root-plugin-geom-gdml, p-cpe:/a:canonical:ubuntu_linux:root-plugin-geom-geombuilder, p-cpe:/a:canonical:ubuntu_linux:root-plugin-geom-geompainter, p-cpe:/a:canonical:ubuntu_linux:root-plugin-graf2d-asimage, p-cpe:/a:canonical:ubuntu_linux:root-plugin-graf2d-qt, p-cpe:/a:canonical:ubuntu_linux:root-plugin-graf2d-x11, p-cpe:/a:canonical:ubuntu_linux:root-plugin-graf3d-x3d

Required KB Items: Host/cpu, Host/Debian/dpkg-l, Host/Ubuntu, Host/Ubuntu/release

Exploit Ease: No known exploits are available

Patch Publication Date: 3/15/2021

Vulnerability Publication Date: 11/17/2017

Reference Information

CVE: CVE-2017-1000203

USN: 4801-1