CVE-2004-0353

GNU Anubis <3.9.93 - Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0353. PoCs published by CMN.

AI-analyzed exploit summary This exploit targets multiple buffer overflow and format string vulnerabilities in GNU Anubis versions 3.6.0 to 3.9.93. It includes shellcode for both Linux and FreeBSD to achieve remote code execution by leveraging heap manipulation and format string attacks.

Description

Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.

Exploits (1)

exploitdb WORKING POC VERIFIED
by CMN · cremotelinux
https://www.exploit-db.com/exploits/23772

This exploit targets multiple buffer overflow and format string vulnerabilities in GNU Anubis versions 3.6.0 to 3.9.93. It includes shellcode for both Linux and FreeBSD to achieve remote code execution by leveraging heap manipulation and format string attacks.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Complex
Reliability
Reliable
Target: GNU Anubis 3.6.0, 3.6.1, 3.6.2, 3.9.92, 3.9.93
No auth needed
Prerequisites: Network access to the target system · Anubis service running on port 24
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Various Sources mailing-list x_refsource_mlist
http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107894315012081&w=2
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107843915424588&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9772
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15345

Scores

EPSS 0.0472
EPSS Percentile 90.7%

Details

Status published
Products (5)
gnu/anubis 3.6.0
gnu/anubis 3.6.1
gnu/anubis 3.6.2
gnu/anubis 3.9.92
gnu/anubis 3.9.93
Published Nov 23, 2004
Tracked Since Feb 18, 2026