Candidate: CVE-2006-0036
References:
 http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e4975\02ab 
Description: 
 When an inbound PPTP_IN_CALL_REQUEST packet is received the
 PPTP NAT helper uses a NULL pointer in pointer arithmentic to
 calculate the offset in the packet which needs to be mangled
 and corrupts random memory or crashes.
Notes: 
 jmm> This is not included in 2.4 and 2.6.8
Bugs: 
upstream: released (2.6.15.1)
linux-2.6: released (2.6.15-3)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A