View Single Post
  #2   (View Single Post)  
Old 11th June 2012
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

Yikes!

As I understand it, you can check this with a simple script:

Code:
#!/bin/sh

for i in $(jot 2000); do
        mysql -u root --password=wrong -h mysql_machine
done
To be sure, I checked a few CentOS 5.x machines and a FreeBSD 8 machine, none were vulnerable.

Bonus hint: firewall!
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote