FreeBSD contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when a malicious user invokes the mount_union program, which calls the vfsload() library function in an insecure fashion while running setuid root, and this may allow a symlink attack. This flaw may lead to a loss of integrity.
Upgrade to FreeBSD 2.1-stable or FreeBSD 2.2-current as distributed later than 1996-05-18. If you are currently running 2.1 or later, you may instead apply the solution patches. It is also possible to correct the flaw with the following workaround: remove the setuid permission bit from mount_union.
# chmod u-s /sbin/mount_union
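To confirm the workaround took effect, the script below (an added example, not part of the original advisory) clears the setuid bit and then verifies the result. The function names is_setuid and clear_setuid are hypothetical; the only path taken from the advisory is /sbin/mount_union, shown in the usage comment.

```shell
#!/bin/sh
# Added example: apply the "chmod u-s" workaround and verify the result.
# Usage (as root): sh clear_setuid.sh /sbin/mount_union
# Function names are hypothetical, chosen for this illustration.

# is_setuid PATH: succeed only if PATH is a regular file (not a symlink)
# that currently has the setuid bit set.
is_setuid() {
    [ ! -L "$1" ] && [ -f "$1" ] && [ -u "$1" ]
}

# clear_setuid PATH: remove the setuid bit and confirm it is gone.
# Returns 0 if the bit is clear afterwards, 1 if it is still set,
# 2 if PATH is missing or not a regular file. Symlinks are refused
# rather than followed, so the chmod only touches the named file.
clear_setuid() {
    if [ -L "$1" ] || [ ! -f "$1" ]; then
        echo "skip: $1 is missing or not a regular file" >&2
        return 2
    fi
    if is_setuid "$1"; then
        chmod u-s "$1" || return 1
    fi
    if is_setuid "$1"; then
        echo "FAIL: $1 is still setuid" >&2
        return 1
    fi
    echo "ok: $1 is not setuid"
    return 0
}

# Process every path given on the command line; do nothing without arguments.
if [ "$#" -gt 0 ]; then
    for target in "$@"; do
        clear_setuid "$target"
    done
fi
```

A vendor upgrade or reinstall of the binary can restore the setuid bit, so rerun the check after system updates until the fixed version is installed.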