Threat Level: green Handler on Duty: Brad Duncan

SANS ISC: MySQL MERGE Table Privilege Revoke Bypass - SANS Internet Storm Center SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MySQL MERGE Table Privilege Revoke Bypass
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".

Arrigo

28 Posts

Sign Up for Free or Log In to start participating in the conversation!