MySQL MERGE Table Privilege Revoke Bypass

Published: 2006-08-01. Last Updated: 2006-08-01 16:58:29 UTC
by Arrigo Triulzi (Version: 1)
0 comment(s)
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".

Keywords:
0 comment(s)

Comments


Diary Archives