FreeBSD procfs jail() Access Restriction Bypass Local Privilege Escalation
Local Access Required
Loss of Confidentiality,
Loss of Integrity
FreeBSD contains a flaw that may allow a user to break out of a jail environment. The issue is due to an unchecked buffer in the kernel that can be exploited by jailed users. By overflowing this buffer with specially crafted code, a jailed user could bypass the restrictions normally enforced by the jail and execute arbitrary code or commands, including lowering the system security level.
Upgrade to version 3.5.1-STABLE, 4.2-STABLE or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by applying either of the following workarounds:
1. Unmount all procfs filesystems which are visible from within jail environments.
2. Remove the "options PROCFS" line from your kernel configuration file and compile a new kernel.
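As an added example (not from the advisory or the FreeBSD project), a small POSIX shell audit for both workarounds: it lists procfs mounts located under a jail root prefix, so they can be unmounted, and checks a kernel configuration file for an active "options PROCFS" line. The mount(8) output and the /usr/jails prefix are constructed assumptions for this example.

```shell
#!/bin/sh
# Audit helper for the two procfs workarounds (added example, not from the page).
# It works on saved mount(8) output and a kernel config file, so it runs offline.

# Constructed sample of mount(8) output; jail roots are assumed under /usr/jails.
SAMPLE_MOUNTS='/dev/ad0s1a on / (ufs, local)
procfs on /proc (procfs, local)
/dev/ad0s1f on /usr/jails/www (ufs, local)
procfs on /usr/jails/www/proc (procfs, local)
procfs on /usr/jails/db/proc (procfs, local)'

# jailed_procfs JAIL_ROOT_PREFIX   (reads mount(8) output on stdin)
# Prints the mount point of every procfs mount below JAIL_ROOT_PREFIX. These are
# the procfs instances visible from inside jails (workaround 1). The host's own
# /proc is not reported because it is not under the jail prefix.
jailed_procfs() {
    prefix=$1
    awk -v p="$prefix" '$4 ~ /^\(procfs[,)]/ && index($3, p "/") == 1 { print $3 }'
}

# kernel_has_procfs FILE
# Succeeds when FILE contains an active (uncommented) "options PROCFS" line,
# i.e. the kernel still builds procfs support (workaround 2 not yet applied).
kernel_has_procfs() {
    grep -Eq '^[[:space:]]*options[[:space:]]+PROCFS([[:space:]]|$)' "$1"
}

# Demonstration: emit the umount commands for review rather than running them.
printf '%s\n' "$SAMPLE_MOUNTS" | jailed_procfs /usr/jails | sed 's/^/umount /'
```

Run the real audit with `mount | jailed_procfs /usr/jails` and `kernel_has_procfs /usr/src/sys/i386/conf/MYKERNEL` (path is an assumption; use your own config file).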