Candidate: CVE-2007-1000
References: 
 http://bugzilla.kernel.org/show_bug.cgi?id=8134
 http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=286930797d74b2c9a5beae84836044f6a836235f
Description: 
Ubuntu-Description: 
 Due to an variable handling flaw in the  ipv6_getsockopt_sticky()
 function a local attacker could exploit the getsockopt() calls to
 read arbitrary kernel memory. This could disclose sensitive data.
Notes: 
 dannf> function doesn't exist in 2.6.8 - wtarreau says 2.4 isn't vulnerable
Bugs: 
upstream: released (2.6.21-rc4, 2.6.20.2)
linux-2.6: released (2.6.20-1)
2.6.18-etch-security: released (2.6.18.dfsg.1-12) [bugfix/ipv6_getsockopt_sticky-null-opt.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [c6a7d4a50efdc7ebd50158bcd57c981e85bd31f7]
2.6.20-feisty-security: N/A