FreeBSD 7.2 VFS/devfs race condition exploit

FreeBSD 7.2 and below including 6.4 are vulnerable to race condition in VFS and devfs code, resulting in NULL pointer dereference. In contrast to pipe race condition, this vulnerability is actually much harder to exploit. Due to uninitalised value in devfsopen, following function is called with...