FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user misuses the setlocale() function by creating a file which is a valid locale file or message catalog but contains special formatting characters which may allow certain badly written privileged applications to be exploited to execute arbitrary code. This flaw may lead to a loss of integrity.
Upgrade to version FreeBSD 4.1-STABLE or 3.5-STABLE after the correction date or later, or patch your present system source code and rebuild, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): (1) download the 'scan_locale.sh' and 'test_locale.sh' scripts provided by FreeBSD using the fetch command, (2) verify their md5 checksums, (3) run the scan_locale.sh script, and (4) remove any binaries found that make use of the exploitable function catopen().