Linux ≫ Linux Kernel

In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

Denial of service in Linux 2.2.0 running the ldd command on a core file.

Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.