Hi,
sending the link I talked about during the phone conference. A bit
outdated (published on 2nd May) but still relevant for SL as far as
I know.
http://www.securityfocus.com/archive/1/432734
Blocking 3306 is probably the quickest do-for-now. Note that the
exploit is said to work with unix sockets too (local users).
--
Jiri
|