Candidate: CVE-2006-2274
References: 
 CONFIRM:http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=672e7cca17ed6036a1756ed34cf20dbd72d5e5f6
 URL:http://www.securityfocus.com/bid/17955
 URL:http://secunia.com/advisories/20237
 URL:http://xforce.iss.net/xforce/xfdb/26432 
Description: 
 Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial
 of service (infinite recursion and crash) via a packet that contains two or
 more DATA fragments, which causes an skb pointer to refer back to itself when
 the full message is reassembled, leading to infinite recursion in the
 sctp_skb_pull function.
Notes: 
 dannf> Submitted to Marcelo for 2.4
Bugs: 
upstream: released (2.6.16.15)
linux-2.6: released (2.6.16-13)
2.6.8-sarge-security: released (2.6.8-16sarge3)
2.4.27-sarge-security: released (2.4.27-10sarge3)
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A