PublicDate: 2008-07-02 16:41:00 UTC
Candidate: CVE-2008-2826
References:
 https://ubuntu.com/security/notices/USN-625-1
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2826
Description:
 Integer overflow in the sctp_getsockopt_local_addrs_old function in
 net/sctp/socket.c in the Stream Control Transmission Protocol (sctp)
 functionality in the Linux kernel before 2.6.25.9 allows local users to
 cause a denial of service (resource consumption and system outage) via
 vectors involving a large addr_num field in an sctp_getaddrs_old data
 structure.
Ubuntu-Description:
 Gabriel Campana discovered that SCTP routines did not correctly check for
 large addresses. A local user could exploit this to allocate all available
 memory, leading to a denial of service.
Notes:
 kees> linux-2.6: 735ce972fbc8a65fb17788debd7bbe7b4383cc62
 kees> was reported at one point as CVE-2008-2372
Bugs:
Priority: medium
Discovered-by:
Assigned-to: kees
CVSS:

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: needed
dapper_linux-source-2.6.15: released (2.6.15-52.69)
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.20:
upstream_linux-source-2.6.20: needed
dapper_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: released (2.6.20-17.37)
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE

Patches_linux-source-2.6.22:
upstream_linux-source-2.6.22: needed
dapper_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: released (2.6.22-15.56)
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
upstream_linux: released
dapper_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: released (2.6.24-19.36)
devel_linux: not-affected