Linux ≫ Linux Kernel

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

Denial of service in Linux 2.2.0 running the ldd command on a core file.

Denial of service in Linux 2.0.36 allows local users to prevent any server from listening on any non-privileged port.

A race condition in Linux 2.2.1 allows local users to read arbitrary memory from /proc files.

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

Linux 2.1.132 and earlier allows local users to cause a denial of service (resource exhaustion) by reading a large buffer from a random device (e.g. /dev/urandom), which cannot be interrupted until the read has completed.

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.