Red Hat Bugzilla – Bug 841351
CVE-2012-1689 mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jul 2012)
Last modified: 2015-11-24 10:18:49 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-1689 to
the following vulnerability:
Unspecified vulnerability in Oracle MySQL Server 5.1.62 and earlier,
and 5.5.22 and earlier, allows remote authenticated users to affect
availability via unknown vectors related to Server Optimizer.
This CVE may be a full or partial duplicate of CVE-2012-2750 (bug #833742). Upstream is unlikely to provide any further info, so we can't be sure.
A possible candidate for this issue is the following change:
Bug#13012483:EXPLAIN EXTENDED, PREPARED STATEMENT, CRASH IN CHECK_SIMPLE_EQUALITY
This should allow a database user with SQL access without administrative privileges to trigger a mysqld crash. The problem is not reproducible with mysql packages in Red Hat Enterprise Linux 5 and 6.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2012:1462 https://rhn.redhat.com/errata/RHSA-2012-1462.html