The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

Linux 2.2.3 and earlier allow a remote attacker to perform an IP fragmentation attack, causing a denial of service.

Buffer overflow in Linux autofs module through long directory names allows local users to perform a denial of service.

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

File creation and deletion, and remote execution, in the BSD line printer daemon (lpd).

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.