FreeBSD Security Advisory - Due to the lack of handling of potential symbolic links the host's jail rc.d(8) script is vulnerable to "symlink attacks". By replacing /var/log/console.log inside the jail with a symbolic link it is possible for the superuser (root) inside the jail to overwrite files on the host system outside the jail with arbitrary content. This in turn can be used to execute arbitrary commands with non-jailed superuser privileges.
028e10620eb9d9c3fa9a15f2a25d7e04e9c45a57e7eaee8470108c46f4ed4e43