#VU42857 Resource management error in Glibc - CVE-2011-4609

Cybersecurity Help s.r.o.

Published: 2013-05-02 | Updated: 2020-08-11

Vulnerability identifier: #VU42857

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2011-4609

CWE-ID: CWE-399

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Glibc
Universal components / Libraries / Libraries used by multiple products

Vendor: GNU

Description

The vulnerability allows a remote non-authenticated attacker to perform service disruption.

The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Glibc: 2.0 - 2.13

External links
https://bugzilla.redhat.com/show_bug.cgi?id=767299

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in GNU Glibc

Amazon Linux AMI update for glibc