nessus | Tenable | 9752.PRM
Nov 04, 2016 - 12:00 a.m.

MariaDB Server 10.0.x < 10.0.28 Multiple Vulnerabilities

The version of MariaDB installed on the remote host is 10.0.x prior to 10.0.28, and is affected by multiple vulnerabilities:

  • An unspecified flaw may allow an authenticated attacker to bypass restrictions and create the ‘/var/lib/mysql/my.cnf’ file with custom contents without the FILE privilege requirement.
  • A flaw in the C software version of AES Encryption and Decryption is triggered as table lookups do not properly consider cache-bank access times. This may allow a local user to disclose AES keys via a specially crafted application.
  • An unspecified flaw exists related to the MyISAM subcomponent. This may allow a local attacker to gain elevated privileges. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the DML subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the GIS subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the Optimizer subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the Federated subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the Security: Encryption subcomponent. This may allow an authenticated remote attacker to disclose potentially sensitive information. No further details have been provided by the vendor.
  • An unspecified flaw exists related to the Types subcomponent. This may allow an authenticated remote attacker to cause a denial of service. No further details have been provided by the vendor.
  • A flaw exists in the ‘fill_alter_inplace_info()’ function in ‘sql/sql_table.cc’ that is triggered when altering persistent virtual columns. This may allow an authenticated attacker to crash the database.
  • A flaw exists in the ‘mysql_rm_table_no_locks()’ function in ‘sql/sql_table.cc’ that is triggered during the handling of ‘CREATE OR REPLACE TABLE’ queries. This may allow an authenticated attacker to crash the database.
  • A flaw exists in ‘scripts/mysqld_safe.sh’ that is triggered when handling arguments to ‘malloc-lib’. This may allow a local attacker to potentially gain elevated privileges. Note that CVE-2016-6664 is reportedly a duplicate assignment of CVE-2016-5617, which was assigned to this issue’s manifestation in Oracle MySQL.
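
A version-range check for the affected range stated above (10.0.x prior to 10.0.28), as an added example that is not part of the original advisory or Tenable's plugin. The function names, host names and version strings are constructed for illustration; it assumes version strings as reported by the server, where a MariaDB 10.x handshake banner may carry a leading `5.5.5-` compatibility prefix.

```python
import re

# First fixed release named in the advisory; only the 10.0 branch is in scope.
FIXED = (10, 0, 28)

# MariaDB 10.x may prefix its handshake version with "5.5.5-" for older
# replication clients; it must be stripped or the host parses as 5.5.5.
_RPL_PREFIX = "5.5.5-"
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)")


def parse_mariadb_version(banner):
    """Return (major, minor, patch) for a MariaDB version string, else None."""
    text = banner.strip()
    if "mariadb" not in text.lower():
        return None  # Oracle MySQL and other forks are not covered here
    rest = text[len(_RPL_PREFIX):]
    if text.startswith(_RPL_PREFIX) and _VERSION_RE.match(rest):
        text = rest
    m = _VERSION_RE.match(text)
    return tuple(int(p) for p in m.groups()) if m else None


def is_affected(banner):
    """True only for MariaDB 10.0.x builds older than 10.0.28."""
    v = parse_mariadb_version(banner)
    # Integer tuples compare numerically, so 10.0.9 sorts before 10.0.28.
    return v is not None and v[:2] == FIXED[:2] and v < FIXED


def affected_hosts(inventory):
    """Return the sorted host names whose version string is in range."""
    return sorted(h for h, b in inventory.items() if is_affected(b))


# Constructed inventory (hypothetical hosts and version strings).
SAMPLE_INVENTORY = {
    "db-a.example.internal": "5.5.5-10.0.27-MariaDB-0ubuntu0.16.04.1",
    "db-b.example.internal": "10.0.28-MariaDB-1~trusty",
    "db-c.example.internal": "10.0.9-MariaDB-log",
    "db-d.example.internal": "10.1.18-MariaDB",
    "db-e.example.internal": "5.5.52-MariaDB",
    "db-f.example.internal": "5.7.16-log",
}

if __name__ == "__main__":
    for host in affected_hosts(SAMPLE_INVENTORY):
        print(host, SAMPLE_INVENTORY[host])
```
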
Vendor | Product | Version | CPE
mariadb | mariadb | | cpe:/a:mariadb:mariadb