Category:   Application (Database)  >   MySQL
Vendors:
MySQL MERGE Access Control Error May Let Users Access a Restricted Table
SecurityTracker Alert ID:  1016617
SecurityTracker URL:
CVE Reference:   CVE-2006-4031
Updated:  Jun 8 2008
Original Entry Date:  Aug 1 2006
Impact:   Disclosure of user information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 4.x prior to 4.1.21; 5.0 prior to 5.0.24
Description:   A vulnerability was reported in MySQL. A remote authenticated user can continue to access a table after their privileges have been revoked.

A remote authenticated user with access to a MyISAM table can create a MERGE table that accesses the original table. If the user's privileges for the original table are subsequently revoked, the user can still access the original table via the new table.

The original report is available at:

Peter Gulutzan reported this vulnerability.

Impact:   A remote authenticated user may be able to access a table after the user's privileges for that table have been revoked.
Solution:   The vendor has released fixed versions (4.1.21, 5.0.24).

The MySQL advisory is available at:

Vendor URL:
Cause:   Access control error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)
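
An added example, not part of the SecurityTracker entry or MySQL's own code: a Python audit helper that checks a server version against the affected ranges listed above and flags accounts that hold privileges on a MERGE table but not on a MyISAM table it maps to. It assumes the `UNION=(...)` clause format of `SHOW CREATE TABLE` output; the function names, the sample DDL and the grants mapping (in practice built from `SHOW GRANTS`) are constructed for illustration.

```python
import re

def in_affected_range(version):
    """True if the version is in the advisory's range: 4.x < 4.1.21, 5.0 < 5.0.24."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    v = tuple(int(x) for x in m.groups())
    if v[0] == 4:
        return v < (4, 1, 21)
    if v[:2] == (5, 0):
        return v < (5, 0, 24)
    return False  # series not listed in the advisory

def merge_children(ddl):
    """Parse one SHOW CREATE TABLE statement; return (name, [underlying tables])
    for a MERGE table, or None for any other engine."""
    name = re.match(r"\s*CREATE TABLE `([^`]+)`", ddl)
    opts = re.search(r"(?:ENGINE|TYPE)=MRG_MyISAM\b.*?UNION=\(([^)]*)\)",
                     ddl, re.S | re.I)
    if not (name and opts):
        return None
    children = [p.strip().replace("`", "") for p in opts.group(1).split(",")]
    return name.group(1), [c for c in children if c]

def stale_merge_access(ddls, grants):
    """List (user, merge_table, underlying) where the user holds privileges on
    the MERGE table but none on a table it maps to."""
    findings = []
    for ddl in ddls:
        parsed = merge_children(ddl)
        if parsed is None:
            continue
        merge, children = parsed
        for user, tables in grants.items():
            if merge in tables:
                findings += [(user, merge, c) for c in children if c not in tables]
    return findings

# Constructed sample input (not from the advisory): alice's grant on `payroll`
# was revoked, but she still holds privileges on the MERGE table over it.
SAMPLE_DDL = [
    "CREATE TABLE `payroll` (\n  `id` int(11) NOT NULL\n) ENGINE=MyISAM",
    "CREATE TABLE `payroll_all` (\n  `id` int(11) NOT NULL\n) "
    "ENGINE=MRG_MyISAM DEFAULT CHARSET=latin1 UNION=(`payroll`,`payroll_2005`)",
]
SAMPLE_GRANTS = {"alice": {"payroll_all", "payroll_2005"},
                 "bob": {"payroll", "payroll_all", "payroll_2005"}}
```

Any finding returned by `stale_merge_access` on a server where `in_affected_range` is true marks a MERGE table to drop or re-grant deliberately before or alongside the upgrade.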

Message History:   None.
