Researchers who have tested the vulnerabilities themselves state that all of them require that the system administrator failed to properly setup the MySQL server, or the firewall installed in front of it. Yet, they admit that the disclosures are legitimate, and they need to be fixed. One disclosure included details of a user privilege elevation vulnerability, which if exploited could allow an attacker with file permissions the ability to elevate its permissions to that of the Mysql admin user.
Given that MySQL is mission critical in many environments, the vulnerabilities are worth examining, especially given that the the disclosures were published with working proof-of-concept scripts."
Link to Original Source