CVE-2006-4031

Severity: low

Description

MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy.

References

http://bugs.mysql.com/bug.php?id=15195

http://dev.mysql.com/doc/refman/4.1/en/news-4-1-21.html

http://dev.mysql.com/doc/refman/5.0/en/news-5-0-24.html

http://docs.info.apple.com/article.html?artnum=305214

http://lists.apple.com/archives/security-announce/2007/Mar/msg00002.html

http://secunia.com/advisories/21259

http://secunia.com/advisories/21382

http://secunia.com/advisories/21627

http://secunia.com/advisories/21685

http://secunia.com/advisories/21770

http://secunia.com/advisories/22080

http://secunia.com/advisories/24479

http://secunia.com/advisories/30351

http://secunia.com/advisories/31226

http://securitytracker.com/id?1016617

http://www.mandriva.com/security/advisories?name=MDKSA-2006:149

http://www.novell.com/linux/security/advisories/2006_23_sr.html

http://www.redhat.com/support/errata/RHSA-2007-0083.html

http://www.redhat.com/support/errata/RHSA-2008-0364.html

http://www.redhat.com/support/errata/RHSA-2008-0768.html

http://www.securityfocus.com/bid/19279

http://www.ubuntu.com/usn/usn-338-1

http://www.us-cert.gov/cas/techalerts/TA07-072A.html

http://www.vupen.com/english/advisories/2006/3079

http://www.vupen.com/english/advisories/2007/0930

https://issues.rpath.com/browse/RPL-568

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10468

Details

Source: MITRE

Published: 2006-08-09

Updated: 2019-12-17

Risk Information

CVSS v2

Base Score: 2.1

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 3.9

Severity: LOW

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:mysql:mysql:4.1.0:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.8:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.12:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.13:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.14:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:4.1.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.1:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.2:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.3:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.4:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.15:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.17:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.20:*:*:*:*:*:*:*

cpe:2.3:a:mysql:mysql:5.0.22.1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.22.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.22.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.22.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.22.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.22.32:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.0:alpha:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.20:beta:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.22:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.28:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.28:gamma:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.29:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.30:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.31:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.32:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.33:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.34:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.35:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.36:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.37:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.38:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.39:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.40:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.41:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.42:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.43:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.44:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.45:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.46:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.47:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.48:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.49:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.50:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.51:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.52:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.53:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.53a:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.54:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.54a:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.55:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.56:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.57:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.58:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:3.23.59:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.0:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.2:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.3:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.5a:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.7:gamma:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.8:gamma:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.9:gamma:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.10:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.11:gamma:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.15:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.23:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.24:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.25:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.26:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.0.27:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.0:alpha:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.1:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.2:alpha:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.3:beta:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.4:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.5:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.16:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.17:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:4.1.20:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.0:alpha:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.3:beta:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.6:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.7:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.8:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.18:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.19:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.21:*:*:*:*:*:*:*

cpe:2.3:a:oracle:mysql:5.0.22:*:*:*:*:*:*:*

Tenable Plugins


| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 60451 | Scientific Linux Security Update : mysql on SL4.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 60406 | Scientific Linux Security Update : mysql on SL5.x i386/x86_64 | Nessus | Scientific Linux Local Security Checks | medium |
| 17802 | MySQL < 4.1.21 / 5.0.24 Privilege Persistence | Nessus | Databases | low |
| 33585 | RHEL 4 : mysql (RHSA-2008:0768) | Nessus | Red Hat Local Security Checks | medium |
| 32425 | RHEL 5 : mysql (RHSA-2008:0364) | Nessus | Red Hat Local Security Checks | medium |
| 29524 | SuSE 10 Security Update : mysql (ZYPP Patch Number 2073) | Nessus | SuSE Local Security Checks | medium |
| 27917 | Ubuntu 6.06 LTS : mysql-dfsg-5.0 vulnerabilities (USN-338-1) | Nessus | Ubuntu Local Security Checks | medium |
| 27358 | openSUSE 10 Security Update : mysql (mysql-2075) | Nessus | SuSE Local Security Checks | medium |
| 3947 | Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) | Nessus Network Monitor | Web Clients | high |
| 24811 | Mac OS X < 10.4.9 Multiple Vulnerabilities (Security Update 2007-003) | Nessus | MacOS X Local Security Checks | critical |
| 23896 | Mandrake Linux Security Advisory : MySQL (MDKSA-2006:149) | Nessus | Mandriva Local Security Checks | low |
| 3697 | Oracle MySQL MERGE Table Privilege Escalation | Nessus Network Monitor | Database | medium |
| 801128 | MySQL MERGE Table Privilege Escalation | Log Correlation Engine | Database | low |