CVE Database


Impact: Low
Public: 2005-11-23
Bugzilla: 202246: CVE-2006-4031 MySQL improper permission revocation


The MITRE CVE dictionary describes this issue as:

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

Find out more about CVE-2006-4031 from the MITRE CVE dictionary and NIST NVD.


This issue was corrected in all affected mysql packages versions as shipped in Red Hat Enterprise Linux or Red Hat Application Stack via:
This issue did not affect mysql packages as shipped with Red Hat Enterprise Linux 2.1 or 3

Red Hat security errata

Platform Errata Release Date
Red Hat Application Stack v1 for Enterprise Linux AS (v.4) (mysql) RHSA-2007:0083 February 19, 2007
Red Hat Enterprise Linux version 4 (mysql) RHSA-2008:0768 July 24, 2008
Red Hat Enterprise Linux version 5 (mysql) RHSA-2008:0364 May 20, 2008

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.