FreeBSD Security Advisory FreeBSD-SA-03:10.ibcs2 – The iBCS2 system call translator for statfs(2) erroneously used the user-supplied length parameter when copying a kernel data structure into userland. If the length parameter were larger than required, then instead of copying only the statfs-related data structure, additional kernel memory would also be made available to the user. If iBCS2 support were enabled, a malicious user could call the iBCS2 version of statfs(2) with an arbitrarily large length parameter, causing the kernel to return a large portion of kernel memory.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/31527/FreeBSD-SA-03%3A10.ibcs2
Source: https://packetstormsecurity.com/files/31527/FreeBSD-Security-Advisory-2003.10.html