Without going into unnecessary details about CVE-2012-5612 bug; an authenticated database user could use this flaw to crash MySQL instance or even try executing some code. Is it a serious problem? Do you need to worry about it?
I recently saw some comments that “My database is safe, only application can access it. Is it really a serious bug?” which scared me a bit. Such opinion might be fine but only for closed systems with limited access to MySQL, but what if you are hosting provider that share single MySQL instance between several accounts? Here, security matters a lot! Especially if you allow users to create test/demo accounts.
Based on comments from security lists, only 5.5 family of MySQL is affected since the vulnerable MDL subsystem was first implemented in mysql-5.5. That’s why I decided to do some testing against[Read more...]