MySQL MERGE Table Privilege Revoke Bypass

Published: 2006-08-01
Last Updated: 2006-08-01 16:58:29 UTC
by Arrigo Triulzi (Version: 1)
0 comment(s)
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".

0 comment(s)


Diary Archives