Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
Related posts