Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
Not in 2.6.12.5 for some reason (and public for a few weeks); opening bug.
Fixed in 2.6.12.6
Fixed in gentoo-sources-2.6.12-r10
Fixed in genpatches-2.6.12-14
All fixed, closing bug.