988042953360dcc04a965965f08e11b7e8329328 - pub/scm/linux/kernel/git/stable/linux-stable

commit	988042953360dcc04a965965f08e11b7e8329328	[log] [tgz]
author	Patrick McHardy <kaber@trash.net>	Tue Jan 10 02:00:07 2006 +0100
committer	Greg Kroah-Hartman <gregkh@suse.de>	Mon Jan 30 22:42:30 2006 -0800
tree	46cc93303a8bfd7db2f99e10d79f55eb8b55566f
parent	7d5e09f7dc89aff4b6cfa42ca686f3b20eacfdbd [diff]

[PATCH] Fix crash in ip_nat_pptp (CVE-2006-0036)

When an inbound PPTP_IN_CALL_REQUEST packet is received the
PPTP NAT helper uses a NULL pointer in pointer arithmentic to
calculate the offset in the packet which needs to be mangled
and corrupts random memory or crashes.

Signed-off-by: Patrick McHardy <kaber@trash.net>
Signed-off-by: Chris Wright <chrisw@sous-sol.org>
Signed-off-by: Greg Kroah-Hartman <gregkh@suse.de>

net/ipv4/netfilter/ip_nat_helper_pptp.c[diff]

1 file changed

tree: 46cc93303a8bfd7db2f99e10d79f55eb8b55566f

arch/
crypto/
Documentation/
drivers/
fs/
include/
init/
ipc/
kernel/
lib/
mm/
net/
scripts/
security/
sound/
usr/
.gitignore
COPYING
CREDITS
Kbuild
MAINTAINERS
Makefile
README
REPORTING-BUGS