Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: MySQL MERGE Table Privilege Revoke Bypass SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network
https://isc.sans.edu/honeypot.html

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MySQL MERGE Table Privilege Revoke Bypass
Secunia published today an advisory regarding MySQL, in their words:

"The vulnerability is caused due to a design error in the user privilege verification for MERGE tables. This can be exploited to keep access to a table via an in advance created MERGE table even after the privileges has been revoked for the table."

They rate the vulnerability as "not critical".

Arrigo

28 Posts
Aug 1st 2006

Sign Up for Free or Log In to start participating in the conversation!