The vulnerability needs to be able to write to some MySQL configuration files. Prevent that and you are secure.
Make sure you configure permissions for various config files as follows:
- MySQL reads configuration files from different paths, including from your datadir
* Create an (empty) my.cnf and .my.cnf in the datadir (usually /var/lib/mysql) and make root the owner/group with 0644 permissions.
* Other Locations to look into: /etc/my.cnf /etc/mysql/my.cnf /usr/etc/my.cnf ~/.my.cnf ( mysqld --help --verbose shows you where mysqld will look)
- This also includes !includedir paths defined in your current configurations — make sure they are not writeable by the mysql user as well
- No config files should be writeable by the mysql user (change ownership and permissions)