Monday, January 30, 2023

MySQL Vulnerability Allows Attackers to Bypass Password Verification

NetworkWorld: Security researchers have released exploit details for a vulnerability in MySQL that could allow attackers to access databases without entering a correct password. The vulnerability affects Linux systems that run MySQL with an SSE-optimized glibc. On those systems, an attacker who submits an incorrect password is granted access to the database about 1 out of every 256 times. “300 attempts takes only a fraction of second, so basically account password protection is as good as nonexistent,” noted security expert Sergei Golubchik.

MySQL versions 5.1.63 and 5.5.25, both released in May, address this vulnerability. Now that exploit code has been made public, IT administrators are encouraged to install the updates as soon as possible.

