FreeBSD contains a flaw that may allow a malicious user to spoof a connection. The issue is triggered when a TCP CC value larger than the one currently held in the per-host cache is sent to the victim platform. The flaw may allow spoofing attacks resulting in a loss of integrity.
The flaw can be worked around by disabling all r-* services.
Also, FreeBSD has released a patch.
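One way to confirm the workaround is in place on a host, as an added example that is not part of the original advisory: it assumes the r-* services are started by inetd under the service names `shell`, `login` and `exec`, and that the configuration is an inetd.conf-style file such as `/etc/inetd.conf`. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: list r-* services still enabled in an inetd.conf-style file.
# Assumption: r-services are started by inetd under the service names
# shell (rshd), login (rlogind) and exec (rexecd).

# enabled_r_services FILE
# Prints "service protocol server-path" for each active r-service entry.
# Exit status: 0 = none enabled, 1 = at least one enabled, 2 = file unreadable.
enabled_r_services() {
    conf=$1
    [ -r "$conf" ] || return 2
    awk '
        $1 ~ /^#/ { next }   # commented-out entry: already disabled
        NF < 6    { next }   # blank or incomplete line, not an inetd entry
        ($1 == "shell" || $1 == "login" || $1 == "exec") && $3 ~ /^tcp/ {
            print $1, $3, $6
            found = 1
        }
        END { exit found + 0 }
    ' "$conf"
}

# Constructed sample configuration, not taken from any real host.
sample_inetd_conf() {
    cat <<'EOF'
ftp     stream  tcp     nowait  root    /usr/libexec/ftpd       ftpd -l
shell   stream  tcp     nowait  root    /usr/libexec/rshd       rshd
#login  stream  tcp     nowait  root    /usr/libexec/rlogind    rlogind
exec    stream  tcp     nowait  root    /usr/libexec/rexecd     rexecd
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_inetd_conf > "$tmp"
enabled_r_services "$tmp" || echo "status $?: r-* services still enabled"
rm -f "$tmp"
```

After commenting out the reported entries, inetd has to reread its configuration before the change takes effect.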