kernel - Multiple vulnerabilities in version 2.4.18 of the kernel

Multiple ethernet Network Interface Card (NIC) device drivers do not pad frames with null bytes, which allows remote attackers to obtain information from previous packets or kernel memory by using malformed packets. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0001 to this issue.

A vulnerability exists in O_DIRECT handling in Linux kernels 2.4.10 and later that can create a limited information leak where any user on the system with write privileges to a file system can read information from that file system (from previously deleted files), and can create minor file system corruption (easily repaired by fsck). Red Hat Linux in its default configuration is not affected by this bug, because the ext3 file system (the default file system in Red Hat Linux 7.2 and later) does not support the O_DIRECT feature. Of the kernels Red Hat has released, only the 2.4.18 kernels have this bug. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0018 to this issue.