VYPR
Unrated severity · NVD Advisory · Published Jan 23, 2006 · Updated Jun 16, 2026

CVE-2006-0036

Description

ip_nat_pptp in the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) in Linux kernel 2.6.14, and other versions, allows remote attackers to cause a denial of service (memory corruption or crash) via an inbound PPTP_IN_CALL_REQUEST packet that causes a null pointer to be used in an offset calculation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Linux/Kernel (2 versions)
    • cpe:2.3:o:linux:linux_kernel:2.6.14:*:*:*:*:*:*:*
    • (no CPE) range: 2.6.14

Vulnerability mechanics

Root cause

"Missing null-pointer validation in the PPTP NAT helper's handling of inbound PPTP_IN_CALL_REQUEST packets leads to an invalid offset calculation from pointer arithmetic."

Attack vector

A remote attacker sends a crafted inbound PPTP_IN_CALL_REQUEST packet to a system running the vulnerable PPTP NAT helper [ref_id=1]. The packet triggers a null pointer dereference in an offset calculation within `ip_nat_pptp`, causing random memory corruption or a kernel crash [ref_id=1]. No authentication is required, as the attack is performed over the network against the NAT helper's processing of PPTP control traffic.

Affected code

The vulnerability resides in `ip_nat_pptp` within the PPTP NAT helper (`netfilter/ip_nat_helper_pptp.c`) in Linux kernel 2.6.14 and other versions [ref_id=1]. The flaw occurs in the handling of inbound PPTP_IN_CALL_REQUEST packets, where a null pointer is used in an offset calculation, leading to memory corruption or a kernel crash [ref_id=1].

What the fix does

The advisory does not include a patch diff, but the recommended fix is to upgrade to a corrected kernel version (e.g., kernel-2.6.15.1-1tr for Trustix Secure Linux 3.0) [ref_id=1]. The fix likely adds a null-pointer check before performing pointer arithmetic on the socket buffer, preventing the invalid offset calculation that leads to memory corruption.
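The bug class described above (an offset computed from a pointer that may be NULL, then used to rewrite a packet) can be shown in a few lines of user-space C. This is an added illustration, not the kernel's code or the actual patch; the message layout, type names and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical message layout and type names; not the kernel's definitions. */
enum msg_type { MSG_HAS_ID = 1, MSG_NO_ID = 2 };
struct ctl_msg { uint16_t type; uint16_t call_id; };

/* Field a NAT-style helper would rewrite, or NULL when the type has none. */
static uint16_t *field_to_rewrite(struct ctl_msg *m)
{
    return m->type == MSG_HAS_ID ? &m->call_id : NULL;
}

/* Unchecked pattern: the offset is computed even when the pointer is NULL.
 * Integer arithmetic is used so the wrap-around is well defined here. */
uintptr_t offset_unchecked(struct ctl_msg *m)
{
    return (uintptr_t)field_to_rewrite(m) - (uintptr_t)m;
}

/* Checked pattern: refuse NULL and any offset outside the message. */
int offset_checked(struct ctl_msg *m, size_t len, size_t *off)
{
    uint16_t *f = field_to_rewrite(m);
    if (f == NULL)
        return -1;                  /* nothing to rewrite: leave packet alone */
    size_t o = (size_t)((unsigned char *)f - (unsigned char *)m);
    if (o > len || sizeof(*f) > len - o)
        return -1;                  /* field would fall outside the buffer */
    *off = o;
    return 0;
}

/* Rewrite the ID only when a validated offset exists. */
int rewrite_id(struct ctl_msg *m, size_t len, uint16_t new_id)
{
    size_t off;
    if (offset_checked(m, len, &off) != 0)
        return -1;
    *(uint16_t *)((unsigned char *)m + off) = new_id;
    return 0;
}

int main(void)
{
    struct ctl_msg no_id = { MSG_NO_ID, 0 };   /* constructed sample */
    printf("unchecked offset: %#lx\n", (unsigned long)offset_unchecked(&no_id));
    printf("checked result:   %d\n", rewrite_id(&no_id, sizeof no_id, 99));
    return 0;
}
```

For the message type that has no field to rewrite, the unchecked offset wraps to a value far outside the buffer, while the checked path declines to modify the packet.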

Preconditions

  • config: The target system must be running a vulnerable Linux kernel version (e.g., 2.6.14) with the PPTP NAT helper (netfilter/ip_nat_helper_pptp.c) enabled.
  • network: The attacker must be able to send network packets to the target, specifically crafted PPTP_IN_CALL_REQUEST packets that reach the NAT helper.

Generated on Jun 17, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

7
