Ensure the plugin directory is world-writable:
The MySQL 5.0.12 exploit forced the community to implement several critical defenses. mysql 5.0.12 exploit
Perhaps the most "interesting" exploit affecting versions in the 5.0 and 5.1 branches (including 5.0.12 in specific compiled environments) is the MySQL Authentication Bypass The Glitch : It was a "tragically comedic" logic error involving the function. The code assumed Ensure the plugin directory is world-writable: The MySQL 5
: Because of this casting error, the server would occasionally return "true" for a password comparison even if the password was wrong. The Exploit : An attacker had a 1 in 256 chance The Exploit : An attacker had a 1
Within ninety seconds, he had RDP access over a torified VPN.
To prevent similar attacks, the following measures can be taken:
The MySQL 5.0.12 exploit serves as a reminder of the importance of: