/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A997
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9330
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A304
http://www.redhat.com/support/errata/RHSA-2004-188.html
http://www.redhat.com/support/errata/RHSA-2003-238.html
http://www.debian.org/security/2004/dsa-423
http://www.debian.org/security/2004/dsa-358
http://rsbac.dyndns.org/pipermail/rsbac/2002-May/000162.html