A local overflow exists in FreeBSD. The catopen() function fails to check bounds of an internal buffer which could be indirectly overflowed by the setting of an
environment variable. With a specially crafted request, a privileged application which uses catopen() could be made to execute arbitrary code by an unprivileged local user resulting in a loss of integrity.
Upgrade to version FreeBSD 4.1-STABLE or 3.5-STABLE after the correction date or later, or patch your present system source code and rebuild, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): (1) download the 'scan_locale.sh' and 'test_locale.sh' scripts provided by FreeBSD using the fetch command, (2) verify their md5 checksums, (3) run the scan_locale.sh script, and (4) remove any binaries found that make use of the exploitable function catopen().