_ _ _____ _ ___ _____ _ _ / / / / ____/ / / _/_ __/ / / / / /_/ / __/ / / / / / / / /_/ / / __ / /___/ /____/ / / / / __ / /_/ /_/_____/_____/___/ /_/ /_/ /_/ Helith - 0815 -------------------------------------------------------------------------------- Author : Rembrandt Date : 2008-12-30 Affected Software: OpenBSD tty Affected OS : OpenBSD Type : local DoS OSVDB : CVE : ISS X-Force: : BID : OpenBSD is prone to a local DoS condition in the tty wich leads to a non userable tty for serval minutes. If somebody, before entering a complete login, presses the arrow-keys serval times in the "login: "-field the OpenBSD tty will freeze for serval minutes. Steps to reproduce: OpenBSD/i386 (testbox) (ttyC1) login: [do press arrow keys now] The risk of this attack should be very low because it is not remotely exploitable. OpenBSD developers got informed about this behavior. Kind regards, Rembrandt