CVE-2006-4031

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

🔗 References (54)

• cve@mitrehttp://bugs.mysql.com/bug.php?id=15195
• cve@mitrehttp://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
• cve@mitrehttp://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
• cve@mitrehttp://docs.info.apple.com/article.html?artnum=305214
• cve@mitrehttp://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
• cve@mitrehttp://secunia.com/advisories/21259
• cve@mitrehttp://secunia.com/advisories/21382
• cve@mitrehttp://secunia.com/advisories/21627
• cve@mitrehttp://secunia.com/advisories/21685
• cve@mitrehttp://secunia.com/advisories/21770
• cve@mitrehttp://secunia.com/advisories/22080
• cve@mitrehttp://secunia.com/advisories/24479
• cve@mitrehttp://secunia.com/advisories/30351
• cve@mitrehttp://secunia.com/advisories/31226
• cve@mitrehttp://securitytracker.com/id?1016617