MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files. IBM Security Guardium Database Activity Monitor has fixed this vulnerability.
CVEID: CVE-2016-6663**
DESCRIPTION:** MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119079> for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)
IBM Security Guardium Database Activity Monitor V 9, 9.1, 9.5
IBM Security Guardium Database Activity Monitor V10, 10.0.1, 10.1, 10.1.2
Product
| VRMF| Remediation/First Fix
β|β|β
IBM Security Guardium Database Activity Monitor| 9x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6022_SecurityUpdate&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor| 10x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6022_SecurityUpdate&includeSupersedes=0&source=fc
None