Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: MySQL MERGE Table Privilege Revoke Bypass SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms:

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MySQL MERGE Table Privilege Revoke Bypass
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".


28 Posts
Aug 1st 2006

Sign Up for Free or Log In to start participating in the conversation!