net/dccp/ccid.h in the Linux kernel before 3.5.4 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) by leveraging the CAPNETADMIN capability for a certain (1) sender or (2) receiver getsockopt call.