MySQL Database Unauthorized GRANT Privilege Vulnerability

It is reported that MySQL is susceptible to an unauthorized database GRANT privilege vulnerability. This issue is due to a failure of the application to ensure that users have sufficient privileges to issue the GRANT command.

By exploiting this vulnerability, attackers may reportedly be able to gain unauthorized access to databases. This may allow them to read or modify the contents of potentially sensitive databases located on the same database server.

Versions of MySQL prior to 4.0.21 are reported vulnerable to this issue.


Privacy Statement
Copyright 2010, SecurityFocus