CVE-2006-4031
Vulnerability Summary
Timeline
Description
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.
CVSS Metrics
- v2.0•LOW•Score: 2.1AV:L/AC:L/Au:N/C:P/I:N/A:N
EPSS Trends
Current EPSS score: 0.24%• Percentile: 46%
Affected Systems
- mysql•mysql
4.1.0 | 4.1.2 | 4.1.3 | 4.1.8 | 4.1.10 | 4.1.12 | 4.1.13 | 4.1.14 | 4.1.15 | 5.0.1 | 5.0.2 | 5.0.3 | 5.0.4 | 5.0.5 | 5.0.5.0.21 | 5.0.10 | 5.0.15 | 5.0.16 | 5.0.17 | 5.0.20 | 5.0.22.1.0.1
- oracle•mysql
3.22.27 | 3.22.28 | 3.22.29 | 3.22.30 | 3.22.32 | 3.23 | 3.23.0:alpha | 3.23.1 | 3.23.2 | 3.23.3 | 3.23.4 | 3.23.5 | 3.23.6 | 3.23.7 | 3.23.8 | 3.23.9 | 3.23.10 | 3.23.11 | 3.23.12 | 3.23.13 | 3.23.14 | 3.23.15 | 3.23.16 | 3.23.17 | 3.23.18 | 3.23.19 | 3.23.20:beta | 3.23.21 | 3.23.22 | 3.23.23 | 3.23.24 | 3.23.25 | 3.23.26 | 3.23.27 | 3.23.28 | 3.23.28:gamma | 3.23.29 | 3.23.30 | 3.23.31 | 3.23.32 | 3.23.33 | 3.23.34 | 3.23.35 | 3.23.36 | 3.23.37 | 3.23.38 | 3.23.39 | 3.23.40 | 3.23.41 | 3.23.42 | 3.23.43 | 3.23.44 | 3.23.45 | 3.23.46 | 3.23.47 | 3.23.48 | 3.23.49 | 3.23.50 | 3.23.51 | 3.23.52 | 3.23.53 | 3.23.53a | 3.23.54 | 3.23.54a | 3.23.55 | 3.23.56 | 3.23.57 | 3.23.58 | 3.23.59 | 4.0.0 | 4.0.1 | 4.0.2 | 4.0.3 | 4.0.4 | 4.0.5 | 4.0.5a | 4.0.6 | 4.0.7 | 4.0.7:gamma | 4.0.8 | 4.0.8:gamma | 4.0.9 | 4.0.9:gamma | 4.0.10 | 4.0.11 | 4.0.11:gamma | 4.0.12 | 4.0.13 | 4.0.14 | 4.0.15 | 4.0.16 | 4.0.17 | 4.0.18 | 4.0.19 | 4.0.20 | 4.0.21 | 4.0.23 | 4.0.24 | 4.0.25 | 4.0.26 | 4.0.27 | 4.1.0:alpha | 4.1.1 | 4.1.2:alpha | 4.1.3:beta | 4.1.4 | 4.1.5 | 4.1.6 | 4.1.7 | 4.1.9 | 4.1.11 | 4.1.16 | 4.1.17 | 4.1.18 | 4.1.19 | 4.1.20 | 5.0.0:alpha | 5.0.3:beta | 5.0.6 | 5.0.7 | 5.0.8 | 5.0.9 | 5.0.11 | 5.0.12 | 5.0.13 | 5.0.14 | 5.0.18 | 5.0.19 | 5.0.21 | 5.0.22
References (27)
- http://secunia.com/advisories/21259
- http://secunia.com/advisories/21627
- http://www.us-cert.gov/cas/techalerts/TA07-072A.html
- http://www.novell.com/linux/security/advisories/2006_23_sr.html
- http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html
- http://www.vupen.com/english/advisories/2006/3079
- http://www.securityfocus.com/bid/19279
- http://www.ubuntu.com/usn/usn-338-1
- http://secunia.com/advisories/31226
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468
- http://docs.info.apple.com/article.html?artnum=305214
- http://www.redhat.com/support/errata/RHSA-2008-0768.html
- http://secunia.com/advisories/21382
- http://www.mandriva.com/security/advisories?name=MDKSA-2006:149
- http://secunia.com/advisories/22080
- http://secunia.com/advisories/21770
- http://secunia.com/advisories/21685
- http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html
- http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html
- http://securitytracker.com/id?1016617
- http://bugs.mysql.com/bug.php?id=15195
- http://secunia.com/advisories/30351
- http://www.vupen.com/english/advisories/2007/0930
- http://www.redhat.com/support/errata/RHSA-2007-0083.html
- https://issues.rpath.com/browse/RPL-568
- http://www.redhat.com/support/errata/RHSA-2008-0364.html
- http://secunia.com/advisories/24479