The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows malicious users to modify the bridge topology.
The IA-64 maintainers fixed several security related bugs in the Linux
kernel 2417 used for the IA-64 architecture, mostly by backporting
fixes from 2418 The corrections are listed below with the
identification from the Common Vulnerabilities and Exposures (CVE)
project:
CAN-2003-0001:
Multiple ethernet network interface card (NIC) device ...
A number of vulnerabilities have been discovered in the Linux kernel
CAN-2003-0461: /proc/tty/driver/serial in Linux 24x reveals the
exact number of characters used in serial links, which could allow
local users to obtain potentially sensitive information such as the
length of passwords This bug has been fixed by restricting access
to ...