CVE-2006-0036 - ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and othe

CVE-2006-0036

Summary

ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.

References

Vulnerable Configurations

cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*

CVSS

Base:	7.8 (as of 20-07-2017 - 01:29)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	COMPLETE

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:C

refmap via4

bid	16414
confirm	http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commitdiff;h=15db34702cfafd24acc60295cf14861e497502ab
secunia	18482
sreason	388
trustix	2006-0004
vupen	ADV-2006-0220
xf	kernel-pptpincallrequest-dos(24203)

Last major update

20-07-2017 - 01:29

Published

23-01-2006 - 22:03

Last modified

20-07-2017 - 01:29