Common Vulnerabilities and Exposures assigned an identifier CVE-2012-3160 to the following vulnerability:

Name: CVE-2012-3160
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3160
Assigned: 20120606
Reference: http://www.oracle.com/technetwork/topics/security/cpuoct2012-1515893.html

Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.65 and earlier, and 5.5.27 and earlier, allows local users to affect confidentiality via unknown vectors related to Server Installation.
Text of the Oracle flaw description:

Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server Installation). Supported versions that are affected are 5.1.65 and earlier and 5.5.27 and earlier. Easily exploitable vulnerability requiring logon to Operating System. Successful attack of this vulnerability can result in unauthorized read access to a subset of MySQL Server accessible data.

http://www.oracle.com/technetwork/topics/security/cpuoct2012verbose-1515934.html#MSQL

It seems the CVE may be related to the following commits:

http://bazaar.launchpad.net/~mysql/mysql-server/5.1/revision/3780
http://bazaar.launchpad.net/~mysql/mysql-server/5.5/revision/2661.810.55

They modify the mysql_secure_installation scripts to ensure that a temporary file, to which the root password is written, is properly removed if the script fails or is interrupted. The shell version of the script is included in the Red Hat Enterprise Linux mysql packages.
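The cleanup behaviour described above, written as an added shell example; it is not taken from mysql_secure_installation or from the linked revisions. The function name `run_with_secret_file` and the temporary file template are assumptions made for illustration.

```shell
#!/bin/sh
# Added example. run_with_secret_file is a hypothetical helper, not code from
# mysql_secure_installation.
#
# Usage: run_with_secret_file SECRET CMD [ARGS...]
# Writes SECRET to a private temporary file, runs CMD with that file's path
# appended as the last argument, and removes the file when CMD succeeds, when
# it fails, and when the shell receives INT, TERM or HUP.
run_with_secret_file() (
    # The ( ... ) body runs in a subshell, so the umask and the traps set
    # here do not leak into the caller.
    secret=$1
    shift
    umask 077                       # owner-only, even if mktemp were lax
    tmp=$(mktemp "${TMPDIR:-/tmp}/secret.XXXXXX") || exit 1

    cleanup() { rm -f "$tmp"; }
    trap cleanup EXIT               # normal exit and any failure path
    trap 'cleanup; exit 130' INT    # Ctrl-C
    trap 'cleanup; exit 129' HUP    # terminal closed
    trap 'cleanup; exit 143' TERM   # kill

    printf '%s\n' "$secret" > "$tmp"
    "$@" "$tmp"
    status=$?
    exit "$status"
)
```

Without the traps, a failure or Ctrl-C between the write and the `rm` leaves the credential on disk for any later reader of that path, which is the condition the comment above describes.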
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 6

Via RHSA-2012:1462 https://rhn.redhat.com/errata/RHSA-2012-1462.html