Candidate: CVE-2007-1730
References: 
 http://www.securityfocus.com/archive/1/archive/1/463934/100/0/threaded 
 http://www.securityfocus.com/archive/1/archive/1/464144/100/0/threaded 
 http://marc.info/?l=dccp&m=117509584316267&w=2 
 http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.20.y.git;a=commit;h=4eb3dd593742225da375596564aca6aca2470999
Description:
 Integer signedness error in the DCCP support in the do_dccp_getsockopt function
 in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read
 kernel memory or cause a denial of service (oops) via a negative optlen value.
Ubuntu-Description: 
 The do_dccp_getsockopt() function did not sufficiently verify the
 optlen argument. A local attacker could exploit this to read kernel
 memory (which might expose sensitive data) or cause a kernel crash.
 This only affects Ubuntu 7.04.
Notes: 
 Earlier kernels than 2.6.20 do not have these options.
Bugs: 
upstream: released (2.6.20.7)
linux-2.6: released (2.6.21-1)
2.6.18-etch-security: N/A
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: N/A
2.6.17-edgy-security: N/A
2.6.20-feisty-security: released (2.6.20-16.28)