Candidate: CVE-2007-2876
References:
 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.21.4
Description:
 The sctp_new function in (1) ip_conntrack_proto_sctp.c and (2) nf_conntrack_proto_sctp.c in Netfilter in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, allows remote attackers to cause a denial of service by causing certain invalid states that trigger a NULL pointer dereference.
Ubuntu-Description:
 Vilmos Nebehaj discovered that the SCTP netfilter code did not correctly validate certain states. A remote attacker could send a specially crafted packet causing a denial of service.
Notes:
 When creating a new connection by sending an unknown chunk type, we don't transition to a valid state, causing a NULL pointer dereference in sctp_packet when accessing sctp_timeouts[SCTP_CONNTRACK_NONE].
Bugs:
upstream: released (2.6.21.4)
linux-2.6: released (2.6.21-5)
2.6.18-etch-security: released (2.6.18.dfsg.1-13etch1) [bugfix/nf_conntrack_sctp-null-deref.patch]
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.6.15-dapper-security: released (2.6.15-28.57)
2.6.17-edgy-security: released (2.6.17.1-11.39) [71405ef45b6a5da5419cf4580db7fe9666a63774]
2.6.20-feisty-security: released (2.6.20-16.31) [b72e4ea43b03b980f6818a10050f2d65d347f36c]
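The state-transition gap in the note, as an added simplified C model that is not the kernel's code: the state table is cut down to three states, the timeout values and the unknown chunk type 0x7f are constructed, and new_state_for() stands in for sctp_new_state(). The vulnerable shape creates an entry whose timeout slot for SCTP_CONNTRACK_NONE is NULL; the fixed shape refuses to create an entry for an invalid target state, the kind of validation the 2.6.21.4 fix adds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified conntrack states; the real table has more. */
enum sctp_conntrack {
    SCTP_CONNTRACK_NONE,
    SCTP_CONNTRACK_CLOSED,
    SCTP_CONNTRACK_COOKIE_WAIT,
    SCTP_CONNTRACK_MAX
};

#define SCTP_CID_INIT 1  /* the one chunk type allowed to open a flow here */

/* Per-state timeouts (constructed values); NONE has no timeout, so its slot
 * is NULL.  Dereferencing that slot later, in the packet path, is the crash. */
static unsigned int closed_timeout = 10, cookie_wait_timeout = 3;
static unsigned int *sctp_timeouts[SCTP_CONNTRACK_MAX] = {
    NULL, &closed_timeout, &cookie_wait_timeout
};

/* Stand-in for sctp_new_state() on a flow that has no entry yet:
 * only INIT leads somewhere; any other chunk type leaves us in NONE. */
static enum sctp_conntrack new_state_for(uint8_t chunk_type)
{
    return chunk_type == SCTP_CID_INIT ? SCTP_CONNTRACK_COOKIE_WAIT
                                       : SCTP_CONNTRACK_NONE;
}

/* Vulnerable shape: creates the entry for whatever state was computed and
 * hands back the timeout pointer the packet path will dereference. */
unsigned int *sctp_new_vulnerable(uint8_t chunk_type)
{
    return sctp_timeouts[new_state_for(chunk_type)];  /* NULL for NONE */
}

/* Fixed shape: an invalid target state means no entry and a dropped packet.
 * Returns 0 (no entry) on rejection, otherwise the new non-zero state. */
int sctp_new_fixed(uint8_t chunk_type)
{
    enum sctp_conntrack ns = new_state_for(chunk_type);
    if (ns == SCTP_CONNTRACK_NONE || ns == SCTP_CONNTRACK_MAX)
        return 0;
    return (int)ns;
}

int main(void)
{
    printf("unknown chunk 0x7f: vulnerable timeout ptr=%p, fixed state=%d\n",
           (void *)sctp_new_vulnerable(0x7f), sctp_new_fixed(0x7f));
    return 0;
}
```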