/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html
www.debian.org/security/2004/dsa-358
www.debian.org/security/2004/dsa-423
www.redhat.com/support/errata/RHSA-2003-238.html
www.redhat.com/support/errata/RHSA-2004-188.html
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330
oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997