Linux ≫ Linux Kernel

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

The Linux 2.2.x kernel does not restrict the number of Unix domain sockets as defined by the wmem_max parameter, which allows local users to cause a denial of service by requesting a large number of sockets.

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

strace allows local users to read arbitrary files via memory mapped file names.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Buffer overflow in Linux su command gives root access to local users.

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

mknod in Linux 2.2 follows symbolic links, which could allow local users to overwrite files or gain privileges.

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.