From secunia security advisory at $URL: Description: The vulnerabilities are caused due to errors within the "rendezvous_request()" and "svcudp_recv()" functions when handling EMFILE errors, which can be exploited to cause high CPU consumption and render the system unresponsive. The vulnerabilities are reported in version 2.14.1. Other versions may also be affected. Solution: Unpatched. Restrict access to RPC services to trusted hosts only.
Hi, this bug was fixed on 28th Nov 2012 by upstream. See http://sourceware.org/bugzilla/show_bug.cgi?id=14889 Patch: http://sourceware.org/git/?p=glibc.git;a=commit;h=14bc93a967e62abf8cf2704725b6f76619399f83
(In reply to comment #1) > Hi, > > this bug was fixed on 28th Nov 2012 by upstream. See > > http://sourceware.org/bugzilla/show_bug.cgi?id=14889 > > Patch: > > http://sourceware.org/git/?p=glibc.git;a=commit; > h=14bc93a967e62abf8cf2704725b6f76619399f83 thanks for the notice
CVE-2011-4609 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-4609): The svc_run function in the RPC implementation in glibc before 2.15 allows remote attackers to cause a denial of service (CPU consumption) via a large number of RPC connections.
this is in glibc-2.17 which is stable now
Always covered by GLSA 201312-01
