PublicDate: 2008-08-18 17:41:00 UTC
Candidate: CVE-2008-3276
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3276
 https://ubuntu.com/security/notices/USN-659-1
Description:
 Integer overflow in the dccp_setsockopt_change function in net/dccp/proto.c
 in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux
 kernel 2.6.17-rc1 through 2.6.26.2 allows remote attackers to cause a
 denial of service (panic) via a crafted integer value, related to Change L
 and Change R options without at least one byte in the dccpsf_val field.
Ubuntu-Description:
 It was discovered that the Datagram Congestion Control Protocol (DCCP)
 did not correctly validate its arguments.  If DCCP was in use, a remote
 attacker could send specially crafted network traffic and cause a system
 crash, leading to a denial of service.
Notes:
Bugs:
 https://bugs.launchpad.net/bugs/cve/CVE-2008-3276
Priority: medium
Discovered-by:
Assigned-to: smb_tp
CVSS: 

Patches_linux-source-2.6.15:
upstream_linux-source-2.6.15: not-affected
dapper_linux-source-2.6.15: not-affected
feisty_linux-source-2.6.15: DNE
gutsy_linux-source-2.6.15: DNE
hardy_linux-source-2.6.15: DNE
devel_linux-source-2.6.15: DNE

Patches_linux-source-2.6.20:
upstream_linux-source-2.6.20: needs-triage
dapper_linux-source-2.6.20: DNE
feisty_linux-source-2.6.20: ignored (end-of-life)
gutsy_linux-source-2.6.20: DNE
hardy_linux-source-2.6.20: DNE
devel_linux-source-2.6.20: DNE

Patches_linux-source-2.6.22:
upstream_linux-source-2.6.22: needs-triage
dapper_linux-source-2.6.22: DNE
feisty_linux-source-2.6.22: DNE
gutsy_linux-source-2.6.22: released (2.6.22-15.59)
hardy_linux-source-2.6.22: DNE
devel_linux-source-2.6.22: DNE

Patches_linux:
upstream_linux: needs-triage
dapper_linux: DNE
feisty_linux: DNE
gutsy_linux: DNE
hardy_linux: released (2.6.24-21.43)
devel_linux: not-affected