Candidate: CVE-2006-3468
References: 
 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=2ccb48ebb4de139eef4fcefd5f2bb823cb0d81b9
Description:
 Linux kernel 2.6.x, when using both NFS and EXT3, allows remote
 attackers to cause a denial of service (file system panic) via a
 crafted UDP packet with a V2 lookup procedure that specifies a bad
 file handle (inode number), which triggers an error and causes an
 exported directory to be remounted read-only. 
Ubuntu-Description:
 James McKenzie discovered a Denial of Service vulnerability in the
 NFS driver. When exporting an ext3 file system over NFS, a remote
 attacker could exploit this to trigger a file system panic by sending
 a specially crafted UDP packet.
Notes: 
 http://lkml.org/lkml/2006/7/20/1: proposed patch
 unclear whether 2.4 is affected
 dannf> Submitted to Adrian Bunk for inclusion in 2.6.16.x
 dannf> ignoring 2.4 till a fix goes upstream
Bugs: 
 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=199172
upstream: released (2.6.17.8, 2.6.18-rc4)
linux-2.6: released (2.6.18-1)
2.6.8-sarge-security: released (2.6.8-16sarge5) [fs-ext3-bad-nfs-handle.dpatch]
2.4.27-sarge-security: ignored (2.4.27-10sarge4)
2.6.10-hoary-security: released (2.6.10-34.23)
2.6.12-breezy-security: released (2.6.12-10.37)
2.6.15-dapper-security: released (2.6.15-26.47)
2.6.17-edgy: released (2.6.17-10.30)
2.6.18-etch-security: N/A