Candidate: CVE-2004-2013
References: 
 http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
 http://lists.netsys.com/pipermail/full-disclosure/2004-May/021223.html 
 http://marc.theaimsgroup.com/?l=bugtraq&m=108456230815842&w=2
 http://www.securityfocus.com/bid/10326
 http://xforce.iss.net/xforce/xfdb/16117
Description: 
 Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c
 in the Linux kernel 2.4.25 and earlier allows local users to execute arbitrary
 code via an optlen value of -1, which causes kmalloc to allocate 0 bytes of
 memory.
Notes: 
 jmm> http://archives.neohapsis.com/archives/bugtraq/2004-05/0091.html
 jmm> The vulnerable socket option was removed entirely in 2.4.26 and 2.6.*,
 jmm> Woody could be affected, though
Bugs: 
upstream: released (2.4.26)
linux-2.6: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: 
2.4.18-woody-security: 
2.4.17-woody-security: 
2.4.16-woody-security: 
2.4.17-woody-security-hppa: 
2.4.17-woody-security-ia64: