MySQL Server could allow a remote authenticated attacker to gain elevated privileges on the system, caused by improper restrictions on logging functions. By executing a specially crafted series of SQL statements, an attacker could exploit this vulnerability to create or modify my.cnf configuration files, which could result in arbitrary code being executed with root privileges when the server is restarted.
CVE(s): CVE-2016-6662
Affected product(s) and affected version(s):
IBM Security Guardium V 9, 9.1, 9.5
IBM Security Guardium V 10, 10.0.1, 10.1, 10.1.2.
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: http://ift.tt/2ijxvek
X-Force Database: http://ift.tt/2hLt6Uf
from IBM Product Security Incident Response Team http://ift.tt/2ijx3wJ
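
The following audit is an added example, not part of the IBM bulletin or any IBM or MySQL tooling. It checks a MySQL option file for the conditions the description above depends on: a file the database service account can write, and a log destination that points at an option file. The function names, the list of log options checked, and the sample file are assumptions made for illustration.

```python
import os
import stat
import tempfile

# Server options whose value is a path the server writes log output to.
LOG_PATH_OPTIONS = {"general_log_file", "slow_query_log_file", "log_error"}
CONFIG_SUFFIXES = (".cnf", ".ini")


def audit_mysql_config(path, service_uid):
    """Return a list of findings for one MySQL option file."""
    findings = []
    st = os.stat(path)
    # An option file owned by the service account can be rewritten by it.
    if st.st_uid == service_uid:
        findings.append("owned by the database service account")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append("group- or world-writable")
    with open(path, encoding="utf-8", errors="replace") as fh:
        for lineno, raw in enumerate(fh, 1):
            line = raw.strip()
            # Skip blanks, comments, section headers and bare flags.
            if not line or line[0] in "#;[" or "=" not in line:
                continue
            key, value = (part.strip() for part in line.split("=", 1))
            key = key.lower().replace("-", "_")  # dashes and underscores are equivalent
            value = value.strip("'\"")
            if key in LOG_PATH_OPTIONS and value.lower().endswith(CONFIG_SUFFIXES):
                findings.append(
                    f"line {lineno}: {key} writes to an option file ({value})"
                )
    return findings


def demo():
    """Audit a constructed option file (sample data, not from a real system)."""
    sample = (
        "[mysqld]\n"
        "datadir=/var/lib/mysql\n"
        "general-log-file = /var/lib/mysql/my.cnf\n"
    )
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "my.cnf")
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(sample)
        os.chmod(path, 0o666)
        return audit_mysql_config(path, service_uid=os.getuid())
```

On a real host, pass the numeric UID of the account the database runs as and run the function over every option file location the server reads.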