Just looked at http://security.freebsd.org/advisories/FreeBSD-SA-11:10.pam.asc and saw:
Code:============================================================================= FreeBSD-SA-11:10.pam Security Advisory The FreeBSD Project Topic: pam_start() does not validate service names Category: contrib Module: pam Announced: 2011-12-23 Credits: Matthias Drochner Affects: All supported versions of FreeBSD. Corrected: 2011-12-13 13:03:11 UTC (RELENG_7, 7.4-STABLE) 2011-12-23 15:00:37 UTC (RELENG_7_4, 7.4-RELEASE-p5) 2011-12-23 15:00:37 UTC (RELENG_7_3, 7.3-RELEASE-p9) 2011-12-13 13:02:52 UTC (RELENG_8, 8.2-STABLE) 2011-12-23 15:00:37 UTC (RELENG_8_2, 8.2-RELEASE-p5) 2011-12-23 15:00:37 UTC (RELENG_8_1, 8.1-RELEASE-p7) 2011-12-13 12:59:39 UTC (RELENG_9, 9.0-STABLE) [color="Red"]2011-12-13 13:02:31 UTC (RELENG_9_0, 9.0-RELEASE)[/color] CVE Name: CVE-2011-4122 ...