Candidate: CVE-2003-0187
References: 
 http://marc.theaimsgroup.com/?l=bugtraq&m=105986028426824&w=2
 http://oval.mitre.org/oval/definitions/data/oval260.html
Description: 
 The connection tracking core of Netfilter for Linux 2.4.20, with
 CONFIG_IP_NF_CONNTRACK enabled or the ip_conntrack module loaded, allows remote
 attackers to cause a denial of service (resource consumption) due to an
 inconsistency with Linux 2.4.20's support of linked lists, which causes
 Netfilter to fail to identify connections with an UNCONFIRMED status and
 use large timeouts.
Notes: 
 This was fixed before 2.6.0:
  http://linux.bkbits.net:8080/linux-2.6/cset@3e631f9evO15b8EcYa8btEi07F2mYQ?nav=index.html|src/|src/include|src/include/linux|src/include/linux/netfilter_ipv4|related/include/linux/netfilter_ipv4/ip_conntrack.h
Bugs: 
upstream: released (2.4.21)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A