There is a new local root bug in FreeBSD.This bug discovered & exploited by Nikolaos Rangos also known as KingcopeThere is an unbelievable simple local r00t bug in recent FreeBSD versions.
The bug resides in the Run-Time Link-Editor (rtld).
Normally rtld does not allow dangerous environment variables like
to be set when executing setugid binaries like "ping" or "su".
With a rather simple technique rtld can be tricked into
accepting LD variables even on setugid binaries.
Please read this advisory for more details: