Without going into unnecessary details about CVE-2012-5612 bug; an authenticated database user could use this flaw to crash MySQL instance or even try executing some code. Is it a serious problem? Do you need to worry about it?
I recently saw some comments that “My database is safe, only application can access it. Is it really a serious bug?” which scared me a bit. Such opinion might be fine but only for closed systems with limited access to MySQL, but what if you are hosting provider that share single MySQL instance between several accounts? Here, security matters a lot! Especially if you allow users to create test/demo accounts.

Based on comments from security lists, only 5.5 family of MySQL is affected since the vulnerable MDL subsystem was first implemented in mysql-5.5. That’s why I decided to do some testing against

For those who don’t know, several security vulnerabilities in MySQL were discovered recently and published to the security mailing lists. Yet another time, remote attacker can badly hit your production systems causing long downtime.

List of security issues:

• CVE-2012-5611 MySQL (Linux) Stack based buffer overrun PoC Zeroday
• http://seclists.org/fulldisclosure/2012/Dec/4
• https://bugzilla.redhat.com/show_bug.cgi?id=882599
• CVE-2012-5612 MySQL (Linux) Heap Based Overrun PoC Zeroday
• http://seclists.org/fulldisclosure/2012/Dec/5