Francisco Falcon from the Core Exploit Writers Team found multiple vulnerabilities in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets.
These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
FreeBSD 10.1-RELEASE is vulnerable; other versions may also be affected, but they were not checked.
The FreeBSD team has released patches for the reported vulnerabilities. You should upgrade to FreeBSD 10.1-RELENG or one of the following releases:
- stable/10, 10.1-STABLE
- releng/10.1, 10.1-RELEASE-p5
- releng/10.0, 10.0-RELEASE-p17
- stable/9, 9.3-STABLE
- releng/9.3, 9.3-RELEASE-p9
- stable/8, 8.4-STABLE
- releng/8.4, 8.4-RELEASE-p23.
For technical details, check out the advisory here.