Linux ≫ Linux Kernel

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

strace allows local users to read arbitrary files via memory mapped file names.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Buffer overflow in Linux su command gives root access to local users.

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.

Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.