Improper verification of header fields lets an attacker make the pppd
server access memory it isn't allowed to, and crash the server. There
is no possibility of code execution, as there is no data being copied,
just a pointer dereferenced.
More information here.
This should also affect FC3
Fixed in updates in rpm ppp-2.4.2-5.2.FC2.
This issue is only a DoS on the connection the attacker is using.