CVE-2017-11382 – Trend Micro Deep Discovery Email Inspector kdump_setting Denial of Service Vulnerability

https://notcve.org/view.php?id=CVE-2017-11382

Denial of Service vulnerability in Trend Micro Deep Discovery Email Inspector 2.5.1 allows remote attackers to delete arbitrary files on vulnerable installations, thus disabling the service. Formerly ZDI-CAN-4350. Una vulnerabilidad de denegación de servicio en Trend Micro Deep Discovery Email Inspector, versión 2.5.1 permite que atacantes remotos eliminen archivos arbitrarios en instalaciones vulnerables, por lo que se deshabilita el servicio. This vulnerability allows remote attackers to delete arbitrary files on vulnerable installations of Trend Micro Deep Discovery Email Inspector. Authentication is not required to exploit this vulnerability. The specific flaw exists within kdump_setting.php. • http://www.securityfocus.com/bid/100076 http://www.zerodayinitiative.com/advisories/ZDI-17-503 https://success.trendmicro.com/solution/1116750 • CWE-668: Exposure of Resource to Wrong Sphere •