Security Bulletin: IBM Security Guardium Database Activity Monitor is affected by Open Source MySQL MySQL Vulnerabilities (CVE-2016-6663)

Summary

MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files. IBM Security Guardium Database Activity Monitor has fixed this vulnerability.

Vulnerability Details

CVEID: CVE-2016-6663**
DESCRIPTION:** MySQL could allow a local authenticated attacker to gain elevated privileges on the system, caused by a race condition error while setting stats during MyISAM table repair. An attacker could exploit this vulnerability to change permissions of arbitrary files.
CVSS Base Score: 5.5
CVSS Temporal Score: See <https://exchange.xforce.ibmcloud.com/vulnerabilities/119079&gt; for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N)

Affected Products and Versions

IBM Security Guardium Database Activity Monitor V 9, 9.1, 9.5

IBM Security Guardium Database Activity Monitor V10, 10.0.1, 10.1, 10.1.2

Remediation/Fixes

Product

| VRMF| Remediation/First Fix
—|—|—
IBM Security Guardium Database Activity Monitor| 9x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_9.0p6022_SecurityUpdate&includeSupersedes=0&source=fc
IBM Security Guardium Database Activity Monitor| 10x| http://www.ibm.com/support/fixcentral/swg/quickorder?parent=IBM%2BSecurity&product=ibm/Information+Management/InfoSphere+Guardium&release=All&platform=All&function=fixId&fixids=SqlGuard_10.0p6022_SecurityUpdate&includeSupersedes=0&source=fc

Workarounds and Mitigations

None