CVE-2006-4031

Severity

21%

Complexity

39%

Confidentiality

48%

This vulnerability is addressed in the following product releases: MySQL, MySQL, 4.1.21 MySQL, MySQL, 5.0.24

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

This vulnerability is addressed in the following product releases: MySQL, MySQL, 4.1.21 MySQL, MySQL, 5.0.24

CVSS 2.0 Base Score 2.1. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:N/A:N).

Overview

Type

MySQL

First reported 18 years ago

2006-08-09 22:04:00

Last updated 5 years ago

2019-12-17 20:16:00

Affected Software

MySQL MySQL 4.1.0

4.1.0

MySQL MySQL 4.1.2

4.1.2

MySQL MySQL 4.1.3

4.1.3

MySQL MySQL 4.1.8

4.1.8

MySQL MySQL 4.1.10

4.1.10

MySQL MySQL 4.1.12

4.1.12

MySQL MySQL 4.1.13

4.1.13

MySQL MySQL 4.1.14

4.1.14

MySQL MySQL 4.1.15

4.1.15

MySQL MySQL 5.0.1

5.0.1

MySQL MySQL 5.0.2

5.0.2

MySQL MySQL 5.0.3

5.0.3

MySQL MySQL 5.0.4

5.0.4

MySQL MySQL 5.0.5

5.0.5

MySQL MySQL 5.0.10

5.0.10

MySQL MySQL 5.0.15

5.0.15

MySQL MySQL 5.0.16

5.0.16

MySQL MySQL 5.0.17

5.0.17

MySQL MySQL 5.0.20

5.0.20

Oracle MySQL 3.22.27

3.22.27

Oracle MySQL 3.22.28

3.22.28

Oracle MySQL 3.22.29

3.22.29

Oracle MySQL 3.22.30

3.22.30

Oracle MySQL 3.22.32

3.22.32

Oracle MySQL 3.23

3.23

Oracle MySQL 3.23.0 Alpha

3.23.0

Oracle MySQL 3.23.1

3.23.1

Oracle MySQL 3.23.2

3.23.2

Oracle MySQL 3.23.3

3.23.3

Oracle MySQL 3.23.4

3.23.4

Oracle MySQL 3.23.5

3.23.5

Oracle MySQL 3.23.6

3.23.6

Oracle MySQL 3.23.7

3.23.7

Oracle MySQL 3.23.8

3.23.8

Oracle MySQL 3.23.9

3.23.9

Oracle MySQL 3.23.10

3.23.10

Oracle MySQL 3.23.11

3.23.11

Oracle MySQL 3.23.12

3.23.12

Oracle MySQL 3.23.13

3.23.13

Oracle MySQL 3.23.14

3.23.14

Oracle MySQL 3.23.15

3.23.15

Oracle MySQL 3.23.16

3.23.16

Oracle MySQL 3.23.17

3.23.17

Oracle MySQL 3.23.18

3.23.18

Oracle MySQL 3.23.19

3.23.19

Oracle MySQL 3.23.20 Beta

3.23.20

Oracle MySQL 3.23.21

3.23.21

Oracle MySQL 3.23.22

3.23.22

Oracle MySQL 3.23.23

3.23.23

Oracle MySQL 3.23.24

3.23.24

Oracle MySQL 3.23.25

3.23.25

Oracle MySQL 3.23.26

3.23.26

Oracle MySQL 3.23.27

3.23.27

Oracle MySQL 3.23.28

3.23.28

Oracle MySQL 3.23.28 Gamma

3.23.28

Oracle MySQL 3.23.29

3.23.29

Oracle MySQL 3.23.30

3.23.30

Oracle MySQL 3.23.31

3.23.31

Oracle MySQL 3.23.32

3.23.32

Oracle MySQL 3.23.33

3.23.33

Oracle MySQL 3.23.34

3.23.34

Oracle MySQL 3.23.35

3.23.35

Oracle MySQL 3.23.36

3.23.36

Oracle MySQL 3.23.37

3.23.37

Oracle MySQL 3.23.38

3.23.38

Oracle MySQL 3.23.39

3.23.39

Oracle MySQL 3.23.40

3.23.40

Oracle MySQL 3.23.41

3.23.41

Oracle MySQL 3.23.42

3.23.42

Oracle MySQL 3.23.43

3.23.43

Oracle MySQL 3.23.44

3.23.44

Oracle MySQL 3.23.45

3.23.45

Oracle MySQL 3.23.46

3.23.46

Oracle MySQL 3.23.47

3.23.47

Oracle MySQL 3.23.48

3.23.48

Oracle MySQL 3.23.49

3.23.49

Oracle MySQL 3.23.50

3.23.50

Oracle MySQL 3.23.51

3.23.51

Oracle MySQL 3.23.52

3.23.52

Oracle MySQL 3.23.53

3.23.53

Oracle MySQL 3.23.53a

3.23.53a

Oracle MySQL 3.23.54

3.23.54

Oracle MySQL 3.23.54a

3.23.54a

Oracle MySQL 3.23.55

3.23.55

Oracle MySQL 3.23.56

3.23.56

Oracle MySQL 3.23.57

3.23.57

Oracle MySQL 3.23.58

3.23.58

Oracle MySQL 3.23.59

3.23.59

Oracle MySQL 4.0.0

4.0.0

Oracle MySQL 4.0.1

4.0.1

Oracle MySQL 4.0.2

4.0.2

Oracle MySQL 4.0.3

4.0.3

Oracle MySQL 4.0.4

4.0.4

Oracle MySQL 4.0.5

4.0.5

Oracle MySQL 4.0.5a

4.0.5a

Oracle MySQL 4.0.6

4.0.6

Oracle MySQL 4.0.7

4.0.7

Oracle MySQL 4.0.7 Gamma

4.0.7

Oracle MySQL 4.0.8

4.0.8

Oracle MySQL 4.0.8 Gamma

4.0.8

Oracle MySQL 4.0.9

4.0.9

Oracle MySQL 4.0.9 Gamma

4.0.9

Oracle MySQL 4.0.10

4.0.10

Oracle MySQL 4.0.11

4.0.11

Oracle MySQL 4.0.11 Gamma

4.0.11

Oracle MySQL 4.0.12

4.0.12

Oracle MySQL 4.0.13

4.0.13

Oracle MySQL 4.0.14

4.0.14

Oracle MySQL 4.0.15

4.0.15

Oracle MySQL 4.0.16

4.0.16

Oracle MySQL 4.0.17

4.0.17

Oracle MySQL 4.0.18

4.0.18

Oracle MySQL 4.0.19

4.0.19

Oracle MySQL 4.0.20

4.0.20

Oracle MySQL 4.0.21

4.0.21

Oracle MySQL 4.0.23

4.0.23

Oracle MySQL 4.0.24

4.0.24

Oracle MySQL 4.0.25

4.0.25

Oracle MySQL 4.0.26

4.0.26

Oracle MySQL 4.0.27

4.0.27

Oracle MySQL 4.1.0 Alpha

4.1.0

Oracle MySQL 4.1.1

4.1.1

Oracle MySQL 4.1.2 Alpha

4.1.2

Oracle MySQL 4.1.3 Beta

4.1.3

Oracle MySQL 4.1.4

4.1.4

Oracle MySQL 4.1.5

4.1.5

Oracle MySQL 4.1.6

4.1.6

Oracle MySQL 4.1.7

4.1.7

Oracle MySQL 4.1.9

4.1.9

Oracle MySQL 4.1.11

4.1.11

Oracle MySQL 4.1.16

4.1.16

Oracle MySQL 4.1.17

4.1.17

Oracle MySQL 4.1.18

4.1.18

Oracle MySQL 4.1.19

4.1.19

Oracle MySQL 4.1.20

4.1.20

Oracle MySQL 5.0.0 Alpha

5.0.0

Oracle MySQL 5.0.3 Beta

5.0.3

Oracle MySQL 5.0.6

5.0.6

Oracle MySQL 5.0.7

5.0.7

Oracle MySQL 5.0.8

5.0.8

Oracle MySQL 5.0.9

5.0.9

Oracle MySQL 5.0.11

5.0.11

Oracle MySQL 5.0.12

5.0.12

Oracle MySQL 5.0.13

5.0.13

Oracle MySQL 5.0.14

5.0.14

Oracle MySQL 5.0.18

5.0.18

Oracle MySQL 5.0.19

5.0.19

Oracle MySQL 5.0.21

5.0.21

Oracle MySQL 5.0.22

5.0.22

References

http://bugs.mysql.com/bug.php?id=15195

Exploit, Patch

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

Patch

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html

Patch

http://docs.info.apple.com/article.html?artnum=305214

APPLE-SA-2007-03-13

21259

Patch, Vendor Advisory

21382

21627

21685

21770

22080

24479

30351

31226

1016617

Patch

MDKSA-2006:149

SUSE-SR:2006:023

RHSA-2007:0083

RHSA-2008:0364

RHSA-2008:0768

19279

Patch

USN-338-1

TA07-072A

US Government Resource

ADV-2006-3079

ADV-2007-0930

https://issues.rpath.com/browse/RPL-568

oval:org.mitre.oval:def:10468

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.