FreeBSD is no better:
https://lists.freebsd.org/pipermail/freebsd-security/2006-Oc...
"The policy of the FreeBSD Security Team is that local denial of service
bugs not be treated as security issues; it is possible that this problem
will be corrected in a future Erratum."
If there was any potential for
(a) privilege escalation,
(b) disclosure of potentially sensitive information, or
(c) denial of service by a non-authenticated attacker,
we would have issued a security advisory.
https://lists.freebsd.org/pipermail/freebsd-security/2006-Oc...
An unprivileged user who is able to execute code on an affected system
can cause a kernel panic. There are a variety of reasons for not treating
bugs like this as security issues; the strongest reason imho is that if one
of your users is making a system crash, you can disable his account and call
the police.
https://www.coresecurity.com/advisories/freebsd-kernel-multi...
2015-01-26: FreeBSD confirms the bugs, but informs us that they'll only publish a security advisory for the SCTP Socket SCTP_SS_VALUE Memory Corruption and Kernel Memory Disclosure vulnerabilities. For the "vt Driver VT_WAITACTIVE Sign Conversion Vulnerability" they will commit a normal change and then release an "Errata Notice" informing the fix. They set the publication date for 27th January, 2015.
2015-01-26: Core Security informs that understands their position regarding the vt Driver VT_WAITACTIVE Sign Conversion issue, but we will nevertheless publish the bug in the advisory because we consider it a vulnerability. We accepted their offer of sharing CVE IDs.