MySQL MERGE Table Privilege Revoke Bypass

Wednesday Aug 2nd 2006 by DatabaseJournal.com Staff
Share:

Peter Gulutzan has reported a vulnerability in MySQL, which can be exploited by malicious users to bypass certain security restrictions.

[From Secunia]

Peter Gulutzan has reported a vulnerability in MySQL, which can be exploited by malicious users to bypass certain security restrictions.

The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table.

The article continues at http://secunia.com/advisories/21259/

Share:
Home
Mobile Site | Full Site
Copyright 2017 © QuinStreet Inc. All Rights Reserved