CVE-2004-0354

GNU Anubis 3.6.0-3.6.2, 3.9.92-3.9.93 - Remote Code Execution via Format String Vulnerability

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-0354. PoCs published by Ulf Harnhammar.

AI-analyzed exploit summary: This exploit demonstrates two vulnerabilities in GNU Anubis: a buffer overflow via the 'auth_ident' function and a format string bug in logging functions. It sets up a TCP server on port 113 to trigger these issues when Anubis connects.

Description

Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Ulf Harnhammar · perl · remote · linux
https://www.exploit-db.com/exploits/23771

Classification: Working PoC 90%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: GNU Anubis versions 3.6.0, 3.6.1, 3.6.2, 3.9.92, and 3.9.93
No auth needed
Prerequisites: Network access to the target system · Anubis configured to use the vulnerable functions
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15346
Various Sources mailing-list x_refsource_mlist
http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=107843915424588&w=2
Exploit, Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/9772

Scores

EPSS 0.1564
EPSS Percentile 96.4%

Details

Status: published
Products (5)
gnu/anubis 3.6.0
gnu/anubis 3.6.1
gnu/anubis 3.6.2
gnu/anubis 3.9.92
gnu/anubis 3.9.93
Published: Nov 23, 2004
Tracked Since: Feb 18, 2026