Hi Devin! Looks like upstream patch is incomplete. Have you already notified upstream about the problem?
> In terms of exploitability, this allows any user with permissions to > create tables in a db the ability to read from, write to and delete > tables from any other database within the same mysql instance. Can you possibly explain this a little closer? MySQL should not allow you to overwrite existing tables via DATA/INDEX DIRECTORY directives. So you can only get access to tables created in the future, if you can predict their names. Or have you managed to escalate privileges to already existing tables using this flaw? Thanks! -- Tomas Hoger -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
