Oracle MySQL 5.5.x < 5.5.54 Multiple Vulnerabilities

The version of MySQL installed on the remote host is version 5.5.x prior to 5.5.54 and is affected by multiple issues :

• A flaw exists in ‘mysqld_safe’ that is due to the unsafe use of ‘rm’ and ‘chown’. This may allow an authenticated local attacker to gain elevated privileges.
• An unspecified flaw exists in ‘mysqld_safe’ that is due to the program ignoring the current working directory. This may allow an authenticated attacker to have an unspecified impact. No further details have been provided.
• An overflow condition exists in the Optimizer. The issue is triggered as certain input is not properly validated when handling nested expressions. This may allow an authenticated attacker to cause a stack-based buffer overflow, resulting in a denial of service.
• A flaw exists that is triggered during the handling of a ‘CREATE TABLE’ query with a ‘DATA DIRECTORY’ clause. This may allow an authenticated attacker to gain elevated privileges.
• An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain access to sensitive information. No further details have been provided by the vendor.
• An unspecified flaw exists related to the Charsets subcomponent. This may allow an authenticated attacker to cause a denial of service. No further details have been provided by the vendor.