MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
http://www.vupen.com/english/advisories/2008/0560/references
http://www.securitytracker.com/id?1019083