Ten Year Old "Critical" Bug Discovered In OpenBSD


  • Ten Year Old "Critical" Bug Discovered In OpenBSD

    Phoronix: Ten Year Old "Critical" Bug Discovered In OpenBSD

    While OpenBSD generally prides itself on being a secure, open-source operating system and focusing more on code correctness and security rather than flashy features, it turns out a potential security bug has been living within OpenBSD for the past decade...


  • #2
    Some obvious fixes:
    1) OpenBSD has a different logo than FreeBSD. These are really two different systems.
    2) I guess this bug is a DoS, not a DDoS, i.e. it is potentially possible to provoke a Denial of Service (DoS) in some software, tricking the software into doing things where it would no longer operate correctly. I fail to see how you can DDoS (Distributed Denial of Service) something. DDoS usually means an attack conducted by distributed groups of hosts, which is obviously not the case.
    3) IMO it is not critical. It can be used to cause some service outages in some software, but it neither allows gaining control over the machine nor could be used to knock down an arbitrary service doing something. Hence the impact is kinda limited and hard to use. Why is it called "critical" then?
    Last edited by System25; 06 October 2014, 03:24 PM.



    • #3
      Originally posted by System25
      Some obvious fixes:
      1) OpenBSD has a different logo than FreeBSD. These are really two different systems.
      2) I guess this bug is a DoS, not a DDoS, i.e. it is potentially possible to provoke a Denial of Service (DoS) in some software, tricking the software into doing things where it would no longer operate correctly. I fail to see how you can DDoS (Distributed Denial of Service) something. DDoS usually means an attack conducted by distributed groups of hosts, which is obviously not the case.
      3) IMO it is not critical. It can be used to cause some service outages in some software, but it neither allows gaining control over the machine nor could be used to knock down an arbitrary service doing something. Hence the impact is kinda limited and hard to use. Why is it called "critical" then?

      By using an unsophisticated technique commonly called sensationalism. It's often deployed by news tabloids.


      Phoronix German ready "FRIGN" wrote in to Phoronix this afternoon with a subject entitled, "10 year old critical bug in OpenBSD discovered."
      Hey, Michael...
      Did you mean "reader"? My non-native English confuses me in understanding it.
      Last edited by timofonic; 06 October 2014, 04:04 PM.



      • #4
        Better to fork the entire project and start removing support for old systems, and then create passive-aggressive blogs overusing hashtags.



        • #5
          Originally posted by phoronix
          Phoronix: Ten Year Old "Critical" Bug Discovered In OpenBSD

          While OpenBSD generally prides itself on being a secure, open-source operating system and focusing more on code correctness and security rather than flashy features, it turns out a potential security bug has been living within OpenBSD for the past decade...

          http://www.phoronix.com/vr.php?view=MTgwNTg
          Since when is a vulnerability for DOS attack a security bug?
          Where is your secure data going on a denial of service?

          Maybe this is the equivalent of a homeopathic remedy, all this traffic shakes the secure data till it's not there and the information it contains will become more potent.



          • #6
            Let's everybody keep calm. Sounds like a local authenticated user DoS. Let's plug the details into NVD's CVSS score calculator here: https://nvd.nist.gov/cvss.cfm?calculator&version=2 and see if we get anything near the 7.0 - 10.0 range that might deserve to be called "critical".

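Added example, not part of the thread: the CVSS v2 base equation that the calculator linked in post #6 applies, using the metric weights from the CVSS v2 specification and NVD's v2 severity bands. The vector is an assumed reading of that post's "local authenticated user DoS" wording (AV:L, Au:S, no confidentiality or integrity impact); the thread gives no access complexity or availability value, so those are swept.

```python
from itertools import product

# CVSS v2 base-metric weights (CVSS v2.0 specification).
AV = {"L": 0.395, "A": 0.646, "N": 1.0}
AC = {"H": 0.35, "M": 0.61, "L": 0.71}
AU = {"M": 0.45, "S": 0.56, "N": 0.704}
CIA = {"N": 0.0, "P": 0.275, "C": 0.660}
TABLES = {"AV": AV, "AC": AC, "Au": AU, "C": CIA, "I": CIA, "A": CIA}


def base_score(vector: str) -> float:
    """Return the CVSS v2 base score for e.g. AV:L/AC:L/Au:S/C:N/I:N/A:C."""
    parts = dict(item.split(":", 1) for item in vector.strip("()").split("/"))
    if set(parts) != set(TABLES):
        raise ValueError(f"expected metrics {sorted(TABLES)}, got {sorted(parts)}")
    try:
        w = {m: TABLES[m][v] for m, v in parts.items()}
    except KeyError as exc:
        raise ValueError(f"unknown metric value {exc}") from None
    impact = 10.41 * (1 - (1 - w["C"]) * (1 - w["I"]) * (1 - w["A"]))
    exploitability = 20 * w["AV"] * w["AC"] * w["Au"]
    f_impact = 0.0 if impact == 0 else 1.176
    return round((0.6 * impact + 0.4 * exploitability - 1.5) * f_impact, 1)


def severity(score: float) -> str:
    """NVD's CVSS v2 ranking: Low 0.0-3.9, Medium 4.0-6.9, High 7.0-10.0."""
    return "High" if score >= 7.0 else "Medium" if score >= 4.0 else "Low"


def worst_case_local_dos() -> tuple[str, float]:
    """Highest score among local, single-auth, availability-only vectors.

    AV:L, Au:S, C:N and I:N are assumptions taken from the post's wording;
    AC and A are swept because the thread does not state them.
    """
    vectors = [f"AV:L/AC:{ac}/Au:S/C:N/I:N/A:{a}"
               for ac, a in product("HML", "PC")]
    return max(((v, base_score(v)) for v in vectors), key=lambda p: p[1])


if __name__ == "__main__":
    vec, score = worst_case_local_dos()
    print(vec, score, severity(score))
    # Reference point: remote, unauthenticated, complete C/I/A impact.
    print(base_score("AV:N/AC:L/Au:N/C:C/I:C/A:C"))
```

Under those assumptions even the most severe combination stays below the 7.0 threshold the post mentions.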


            • #7
              Uhhh it requires the target process to be reading from a fifo that you can write to. http://marc.info/?l=openbsd-tech&m=141259739204618&w=2

              This is not even a security bug...? (famous last words?)



              • #8
                More proof that OpenBSD IS INSECURE

                The cat's out of the bag once again and as happened over and over again, OpenBSD is NOT SECURE. Theo (the Rat) and his cronies do not live in reality. Yes their security implementations may have been mediocre in the 1980s but from the 1990s to today, they are just plain useless. And worse, there's no way of making a secure system while just a handful of old delusional farts who are much better at trolling and bashing Linux than making a decent OS.

                We see BSD losers like these trash talking bash about a security hole that existed for 14 years and yet we see the very same software that these old farts "make" have a hole which existed for a similar period of time. This shows the bugs in OpenBSD are no less severe than the bugs in BASH or OpenSSL. The difference is BASH and OpenSSL have many maintainers while OpenBSD and Other BSDs have only a few amateurs whose minds are not in reality.

                Heartbleed and shellshock were in the code for a long time because they were well hidden and were very hard to find and exploit. This bug in OpenBSD lets cause OpenDoS existed in the code for so long because there were so few people giving a f__k about OpenBSD and the 5 only developers are incompetent. I can bet you that this bug, OpenDoS, has been exploited far more than Heartbleed and shellshock.

                People, please, if you have OpenBSD installed, please remove it and replace it with Linux. Beasties cannot match Linux in every field.



                • #9
                  Originally posted by somini
                  Better to fork the entire project and start removing support for old systems, and then create passive-aggressive blogs overusing hashtags.
                  Yeah I know, OpenBSD farts always did that (OpenSSH, OpenNTPD, OpenSMTPD and LibreSSL). Now it is their entire OS that has the bug and someone will fork it and clean the code and make it GPL. Oh wait.... There's Linux!! OpenBSD/OpenBSD forks are NOT NEEDED!!!



                  • #10
                    Originally posted by discordian
                    Since when is a vulnerability for DOS attack a security bug?
                    Where is your secure data going on a denial of service?
                    Read carefully, this bug, OpenDoS, allows a hacker to use OpenBSD to DoS other systems. OpenBSD is thus a liability and best not to have it anywhere on your networks.
