CVE-2004-0354

GNU Anubis 3.6.0-3.9.93 - RCE

Title source: llm

Description

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Ulf Harnhammar · perlremotelinux

https://www.exploit-db.com/exploits/23771

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/15346

[Various Sources] http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html

[Mailing List] http://marc.info/?l=bugtraq&m=107843915424588&w=2

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/9772

Scores

EPSS 0.0624

EPSS Percentile 90.9%

Details

Status published

Products (5)

gnu/anubis 3.6.0

gnu/anubis 3.6.1

gnu/anubis 3.6.2

gnu/anubis 3.9.92

gnu/anubis 3.9.93

Published Nov 23, 2004

Tracked Since Feb 18, 2026