CVE-2008-4445 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4445): The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within the bounds established by SCTP_AUTH_HMAC_ID_MAX, which allows local users to obtain sensitive information via a crafted SCTP_HMAC_IDENT IOCTL request involving the sctp_getsockopt function, a different vulnerability than CVE-2008-4113.
Also see: http://www.openwall.com/lists/oss-security/2008/09/29/4
hardened-kernel unaffected at present time. Removing alias. PS: genpatches-2.6.25-11 included 2.6.25.17. genpatches-2.6.26-3 included 2.6.26.4.