Improper verification of header fields lets an attacker make the pppd server access memory it isn't allowed to, and crash the server. There is no possibility of code execution, as there is no data being copied, just a pointer dereferenced. More information here. http://www.securityfocus.com/archive/1/379450/2004-10-23/2004-10-29/0 This issue also affects RHEL2.1
This issue is only a DoS on the connection the attacker is using.