From owner-freebsd-security  Sun Aug 10 03:58:53 1997
Return-Path: <owner-freebsd-security>
Received: (from root@localhost)
          by hub.freebsd.org (8.8.5/8.8.5) id DAA16311
          for security-outgoing; Sun, 10 Aug 1997 03:58:53 -0700 (PDT)
Received: from kspu.kaluga.ru (kspu.kaluga.ru [195.90.175.1])
          by hub.freebsd.org (8.8.5/8.8.5) with ESMTP id DAA16306
          for <freebsd-security@freebsd.org>; Sun, 10 Aug 1997 03:58:47 -0700 (PDT)
Received: by kspu.kaluga.ru id PAA02131;
  (8.8.5/vak/1.9) Sun, 10 Aug 1997 15:00:39 +0400 (MSD)
Date: Sun, 10 Aug 97 11:00:38 +0000
From: king@kspu.kaluga.ru (Oleg V. King)
To: freebsd-security@freebsd.org
Message-ID: <AAMzPxpu22@kspu.kaluga.ru>
Subject: procfs hole working!
X-Mailer: BML [UNIX Beauty Mail v.1.39]
Sender: owner-freebsd-security@freebsd.org
X-Loop: FreeBSD.org
Precedence: bulk

>   Brian Mitchell writes:

>   > be nonwritable can be modified. Enclosed is a simple exploit tested under
>   > FreeBSD 2.2.1 -- beware, this exploit is slow because it searches memory

>           Worked in 1 minute on a DX-33 here :-(

>           Has anyone tried with 2.2.2 ?

My FreeBSD 2.2.2 has been hacked in 20 seconds. :(

Oleg King