Candidate: CVE-2006-0037
References: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=03b9feca89366952ae5dfe4ad8107b1ece50b710
Description: 
 The PPTP NAT helper calculates the offset at which the packet needs
 to be mangled as difference between two pointers to the header. With
 non-linear skbs however the pointers may point to two seperate buffers
 on the stack and the calculation results in a wrong offset beeing
 used.
Notes:
 jmm> The vulnerable code isn't present in 2.4 and 2.6.8 
Bugs: 
upstream: released (2.6.15.1)
linux-2.6: released (2.6.15-3)
2.6.8-sarge-security: N/A
2.4.27-sarge-security: N/A
2.4.19-woody-security: N/A
2.4.18-woody-security: N/A
2.4.17-woody-security: N/A
2.4.16-woody-security: N/A
2.4.17-woody-security-hppa: N/A
2.4.17-woody-security-ia64: N/A