FreeBSD Security Advisory - Due to the lack of handling of potential symbolic links the host's jail rc.d(8) script is vulnerable to "symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges.
028e10620eb9d9c3fa9a15f2a25d7e04e9c45a57e7eaee8470108c46f4ed4e43
FreeBSD Security Advisory - jail(2) is susceptible to a symlink related vulnerability due to a lack of sanity checking.
67718e9c6c514fdd36e62fe2606ff687a4feed8cb51383a05dc3595135aae050