has found that the name service daemon
from ISC has two remote vulnerabilities. Exploiting the holes allows an attacker to run arbitrary commands on the server (not sure at what privilege level at this time). According to
this vulnerability can be mitigated by disabling recursion on your name server. BIND4 is the name daemon OpenBSD ships with by default. BIND8 is in ports. BIND9, which is also in ports, does not appear to be vulnerable to this attack according to ISS and ISC.
No known patches are available at this time. According to Todd Miller, OpenBSD appears vulnerable, though mitigated by the use of a chroot environment. However, it's probably worth protecting yourself with systrace (a default named policy is shipped) or disabling recursion if possible. A patch will be available for OpenBSD after one is developed by ISC.