PT-2012-1065 · Gnu+2 · Glibc-Utils+8
Published: 2012-01-24 · Updated: 2013-05-03
CVE-2011-4609
CVSS v2.0: 7.2 (High)
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
glibc versions 2.3.4
glibc-common versions 2.3.4
glibc-devel versions 2.3.4
glibc-headers versions 2.3.4
glibc-profile versions 2.3.4
glibc-utils versions 2.3.4
nptl-devel versions 2.3.4
Description
The issue affects the glibc package in Red Hat Enterprise Linux and CentOS operating systems, allowing for potential disruption of confidentiality, integrity, and availability of protected information. Exploitation can be carried out locally. The svc_run function in the RPC implementation is also vulnerable, enabling remote attackers to cause a denial of service via a large number of RPC connections.
Recommendations
For glibc versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For glibc-common versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For glibc-devel versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For glibc-headers versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For glibc-profile versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For glibc-utils versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
For nptl-devel versions 2.3.4, consider updating to a version prior to 2.15 to mitigate the risk.
As a temporary workaround, consider disabling the svc_run function until a patch is available.
Fix
DoS
Related Identifiers
Affected Products
Centos
Red Hat
Glibc
Glibc-Common
Glibc-Devel
Glibc-Headers
Glibc-Profile
Glibc-Utils
Nptl-Devel