A researcher has published an explanation of a new flaw in FreeBSD that allows an attacker to take control of a vulnerable machine. The bug resides in the Run-Time Link-Editor (rtld) and, if exploited, gives an attacker the ability to run arbitrary code. Normally, rtld does not allow dangerous environment variables such as LD_PRELOAD to be set when executing setugid binaries such as ping or su. The vulnerability affects versions 8.0 and 7.1 of the software.
Source: https://threatpost.com/serious-zero-day-flaw-found-freebsd-exploit-published-120109/73171/