Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges via a negative value in a VT_WAITACTIVE ioctl call, which triggers an array index error and out-of-bounds kernel memory access.
Error en propiedad signedness de un entero, en el controlador de consola vt (anteriormente Newcons) en FreeBSD versión 9.3 y anteriores a p10 y versión 10.1 y anteriores a p6, permite a los usuarios locales causar una denegación de servicio (bloqueo) y posiblemente alcanzar privilegios por medio de un valor negativo en una llamada ioctl VT_WAITACTIVE, que desencadena un error de índice de matriz y acceso a la memoria del kernel fuera de límites.
Core Security Technologies Advisory - Multiple vulnerabilities have been found in the FreeBSD kernel code that implements the vt console driver (previously known as Newcons) and the code that implements SCTP sockets. These vulnerabilities could allow local unprivileged attackers to disclose kernel memory containing sensitive information, crash the system, and execute arbitrary code with superuser privileges.
