Threat Level: green Handler on Duty: Mark Hofman

SANS ISC InfoSec Handlers Diary Blog


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MySQL MERGE Table Privilege Revoke Bypass

Published: 2006-08-01
Last Updated: 2006-08-01 16:58:29 UTC
by Arrigo Triulzi (Version: 1)
0 comment(s)
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".

Keywords:
0 comment(s)
Diary Archives