FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when pkg_add extracts the contents of a package to a temporary directory in /var/tmp with world writable permissions. This flaw may lead to a loss of integrity.
Upgrade to version 4.4-STABLE, or the RELENG_4_4 or RELENG_4_3 security branches dated after the respective correction dates, as it has been reported to fix this vulnerability. In addition, FreeBSD has released a patch for some older versions. It is also possible to correct the flaw by implementing the following workaround: create a secure temporary directory (such as /var/tmp/inst) and secure the directory permissions (chmod 700 /var/tmp/inst). Set the TMPDIR environment variable to this directory before running pkg_add.