Candidate: CVE-2008-4609
Description:
 The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vectors that manipulate information in the TCP state table, as demonstrated by sockstress.
References:
 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4609
 http://www.openwall.com/lists/oss-security/2009/09/16/4
 http://www.openwall.com/lists/oss-security/2009/09/16/5
 http://kbase.redhat.com/faq/docs/DOC-18730
 http://www.cpni.gov.uk/Docs/tn-03-09-security-assessment-TCP.pdf
Ubuntu-Description:
Notes:
 - apparently some fundamental flaws in tcp. microsoft patched this in versions >xp.
 - lots of speculation but not much definitive. not sure whether it's too big of a deal - just denial-of-services?
 - ignored by redhat
Bugs:
upstream:
linux-2.6:
2.6.18-etch-security: ignored
2.6.24-etch-security: ignored
2.6.26-lenny-security: ignored ("no upstream fix")