Hi, sending the link I talked about during the phone conference. A bit outdated (published on 2nd May) but still relevant for SL as far as I know. http://www.securityfocus.com/archive/1/432734 Blocking 3306 is probably the quickest do-for-now. Note that the exploit is said to work with unix sockets too (local users). -- Jiri