Comment 5 for bug 1447871

In that PoC case it seems like the vulnerability is lack of proper remote isolation from the environment in which mysqld is running. The guest agent should of course be fixed regardless (defense in depth) but the ability to write arbitrary data to /tmp is the part which I think would take a user/deployer by surprise.