Linux » Linux Kernel : Security Vulnerabilities, CVEs, CVSS score >= 5

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.

NFS cache poisoning.

Linux implementations of TFTP would allow access to files outside the restricted directory.

Denial of service in RPC portmapper allows attackers to register or unregister RPC services or spoof RPC services using a spoofed source IP address such as 127.0.0.1.

Denial of service of inetd on Linux through SYN and RST packets.

Nestea variation of teardrop IP fragmentation denial of service.

Buffer overflow in Linux su command gives root access to local users.

Linux bdash game has a buffer overflow that allows local users to gain root access.

super 3.11.6 and other versions have a buffer overflow in the syslog utility which allows a local user to gain root access.

In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind allow a remote attacker to insert and delete entries by spoofing a source address.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

A system does not present an appropriate legal message or warning to a user who is accessing it.

The rwho/rwhod service is running, which exposes machine status and user information.

The ugidd RPC interface, by design, allows remote attackers to enumerate valid usernames by specifying arbitrary UIDs that ugidd maps to local user and group names.

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP fragments before checking the header information, which allows a remote attacker to bypass the filtering rules using several fragments with 0 offsets.

Linux 2.0.37 does not properly encode the Custom segment limit, which allows local users to gain root privileges by accessing and modifying kernel memory.

rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.