A local overflow exists in libmytinfo, part of the ncurses text-mode display library. The library fails to validate the contents of the TERMCAP environment variable, resulting in a buffer overflow. With a specially crafted request, an attacker can obtain escalated privileges, resulting in a loss of integrity.
Upgrade to FreeBSD 3.5 or higher, as it has been reported to fix this vulnerability. Alternatively, apply the patch (see external references). It is also possible to correct the flaw with the following workarounds: remove any setuid or setgid binary that is linked against libmytinfo (including statically linked binaries), or remove set[ug]id privileges from the file as appropriate.
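
An audit helper for the workaround above, as an added example that is not part of the original advisory: it lists set[ug]id files whose dynamic dependencies name libmytinfo, and flags files that `ldd` cannot read (statically linked or non-ELF) for manual review. The `LDD` and `LIB` variables and both function names are assumptions of this example, as is `ldd` exiting non-zero for files it cannot resolve.

```shell
#!/bin/sh
# Added example: audit helper for the set[ug]id workaround.
# LDD and LIB are overridable (names chosen for this example).
LDD="${LDD:-ldd}"
LIB="${LIB:-libmytinfo}"

# audit_setid DIR...
# Prints one line per set[ug]id regular file found under the given directories:
#   LINKED <path>  dynamic dependency list names $LIB
#   REVIEW <path>  ldd could not resolve it (static or non-ELF); ldd cannot
#                  show static linkage, so these need a manual check
# Dynamically linked files that do not name $LIB are not printed.
audit_setid() {
    find "$@" -xdev -type f \( -perm -4000 -o -perm -2000 \) -print 2>/dev/null |
    while IFS= read -r f; do
        if out=$("$LDD" "$f" 2>/dev/null); then
            case "$out" in
                *"$LIB"*) printf 'LINKED %s\n' "$f" ;;
            esac
        else
            printf 'REVIEW %s\n' "$f"
        fi
    done
}

# strip_setid FILE...
# Applies the workaround: removes the setuid and setgid bits, leaving the
# rest of the mode untouched.
strip_setid() {
    chmod ug-s "$@"
}

# Typical use (run as root so every directory is readable):
#   audit_setid /bin /sbin /usr/bin /usr/sbin /usr/local
#   strip_setid /path/reported/as/LINKED
```

Files reported as `REVIEW` are the statically linked case the advisory mentions; the script cannot decide those and only surfaces them.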