Candidate: CVE-2009-3725
Description:
 certain privileged routines can be executed by an unprivileged user,
 potentially leading to arbitrary code execution as the privileged user
References:
 http://www.openwall.com/lists/oss-security/2009/11/02/1
 http://xorl.wordpress.com/2009/10/31/linux-kernel-multiple-capabilities-missing-checks/
Notes:
 - multiple issues that were introduced and fixed in various versions of the kernel
 - two issues are already fixed in 2.6.31-1, and two issues remain to be fixed
   (currently in upstream's staging branch)
Bugs:
upstream: released (2.6.32-rc3) [cc44578b5a508889beb8ae3ccd4d2bbdf17bc86c, 98a5783af02f4c9b87b676d7bbda6258045cfc76, 5788c56891cfb310e419c4f9ae20427851797431, 24836479a126e02be691e073c2b6cad7e7ab836a], released (2.6.31.5) [127f1bdba584bc2aa2f910273b6b5701d5bad3ed, 85a79fc56eaee6587d19971b5348261773c1c507, 060425ef1d42f59b9b3faed31406e9e59c7464a0, e1a7338bc0da30633357c84be4df222a1bdbfd99]
linux-2.6: released (2.6.32-1)
2.6.18-etch-security: N/A
2.6.24-etch-security: ignored (EOL)
2.6.26-lenny-security: released (2.6.26-21lenny4) [bugfix/all/connector-keep-the-skb-in-cn_callback_data.patch, bugfix/all/connector-provide-the-sender-s-credentials-to-the-callback.patch, bugfix/all/connector-removed-the-destruct_data-callback-since-it-is-always-kfree_skb.patch, bugfix/all/uvesafb-connector-disallow-unpliviged-users-to-send-netlink-packets.patch]
2.6.32-squeeze-security: released (2.6.32-1)