Multiple MySQL 0-Day Vulnerabilities
Researchers discovered five vulnerabilities in MySQL Database.
The first (CVE-2012-5611) is a Linux-based buffer overflow vulnerability which allows an authenticated database user to crash mysqld and/or execute code with the mysql user's privileges.
The second vulnerability (CVE-2012-5612) is a Linux-based heap overflow in which a database user can crash mysqld and/or execute arbitrary code.
The third (CVE-2012-5613) is a Linux-based privilege escalation vulnerability in which an attacker with "FILE" privileges can elevate his permission to the level of the mysql admin user.
The fourth (CVE-2012-5614) is a DoS issue which can be used to crash mysqld.
The last (CVE-2012-5615) is a remote preauth user enumeration flaw in which an attacker attempts to authenticate with an incorrect password (using the old authentication mechanism from mysql 4.x and older) to a mysql 5.x server, and the server will respond with a different message than "Access Denied" making account enumeration possible.
Here is a video demonstrating the privilege escalation vulnerability:[video]http://www.youtube.com/watch?feature=player_embedded&v=uCxy6yTynp4[/video]