Candidate: CVE-2003-0464
References: 
 http://www.redhat.com/support/errata/RHSA-2003-238.html
 http://oval.mitre.org/oval/definitions/data/oval311.html
Description: 
 The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are created,
 which could allow local users to bind to UDP ports that are used by privileged
 services such as nfsd.
Notes: 
 I couldn't locate the patches RedHat & SuSE used, but Connectiva apparently
 just #if 0'd out the sock->sk->reuse = 1; line in svcsock.c:svc_create_socket.
 Upstream didn't disable it altogether; just for UDP
  http://linux.bkbits.net:8080/linux-2.4/cset@3f1bdcc9r8An_GKkjlXeHBYDYOY11A?nav=index.html|src/|src/net|src/net/sunrpc|related/net/sunrpc/svcsock.c
 I'm guessing this is a UDP-only problem, so that is probably the fix we want.
 .
 This fix was in before 2.6.0.
Bugs: 
upstream: released (2.4.22-pre8)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: 
2.4.18-woody-security: 
2.4.17-woody-security: 
2.4.16-woody-security: 
2.4.17-woody-security-hppa: 
2.4.17-woody-security-ia64: