Vulnerability Description
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mysql | Mysql | 4.1.0 |
| Oracle | Mysql | 3.22.27 |
References
- http://bugs.mysql.com/bug.php?id=15195ExploitPatch
- http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.htmlPatch
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.htmlPatch
- http://docs.info.apple.com/article.html?artnum=305214
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://secunia.com/advisories/21259PatchVendor Advisory
- http://secunia.com/advisories/21382
- http://secunia.com/advisories/21627
- http://secunia.com/advisories/21685
- http://secunia.com/advisories/21770
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/24479
- http://secunia.com/advisories/30351
- http://secunia.com/advisories/31226
- http://securitytracker.com/id?1016617Patch
FAQ
What is CVE-2006-4031?
CVE-2006-4031 is a vulnerability with a CVSS score of 2.1 (LOW). MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which...
How severe is CVE-2006-4031?
CVE-2006-4031 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-4031?
Check the references section above for vendor advisories and patch information. Affected products include: Mysql Mysql, Oracle Mysql.