CVE-2004-0353
Description
Buffer overflows in GNU Anubis auth_ident() allow remote attackers to gain root privileges via a crafted ident response.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflows in GNU Anubis auth_ident() allow remote attackers to gain root privileges via a crafted ident response.
Vulnerability
Multiple buffer overflows exist in the auth_ident() function in auth.c of GNU Anubis versions 3.6.0 through 3.6.2, 3.9.92, and 3.9.93. The overflows are caused by the use of sscanf() with "%s" format strings instead of bounded specifiers, allowing an attacker to overflow stack buffers with a long string [2].
Exploitation
An attacker can exploit this vulnerability by connecting to the Anubis server (typically on port 24) and sending a long string as part of the ident protocol response. No authentication is required. The auth_ident() function processes this input, triggering the buffer overflow. Public exploit code exists for version 3.6.2, demonstrating remote code execution [1].
Impact
Successful exploitation allows a remote attacker to execute arbitrary code with root privileges, as GNU Anubis typically runs as root before dropping privileges [2]. This results in full system compromise.
Mitigation
Patches were released by the vendor for versions 3.6.2 and 3.9.93 [3]. Users should upgrade to the patched versions or apply the available patches. Later versions of GNU Anubis are not affected. No workaround is available if patching is not possible.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
6cpe:2.3:a:gnu:anubis:3.6.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:gnu:anubis:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:anubis:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:anubis:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:anubis:3.9.92:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:anubis:3.9.93:*:*:*:*:*:*:*
- (no CPE)range: >=3.6.0, <=3.6.2, 3.9.92, 3.9.93
Patches
0No patches discovered yet.
Vulnerability mechanics
Root cause
"Multiple buffer overflows in the auth_ident() function allow remote attackers to gain privileges."
Attack vector
A remote attacker can trigger multiple buffer overflows in the `auth_ident()` function by sending a long string as an identifier. This can lead to arbitrary code execution in the context of the Anubis software. The vulnerability affects GNU Anubis versions 3.6.0 through 3.6.2, and 3.9.92 through 3.9.93 [ref_id=1].
Affected code
The vulnerability exists in the `auth_ident()` function located in the `auth.c` file. This function is present in GNU Anubis versions 3.6.0 through 3.6.2, and 3.9.92 through 3.9.93 [ref_id=1].
What the fix does
The advisory does not specify a patch or provide remediation guidance beyond upgrading. Therefore, the exact fix is not detailed. However, the vulnerability is described as multiple buffer overflows in the `auth_ident` function in `auth.c` [ref_id=1].
Preconditions
- networkThe target system must be running a vulnerable version of GNU Anubis.
- inputThe attacker must be able to send a specially crafted, long string as an identifier to the `auth_ident` function.
Reproduction
The provided exploit code demonstrates how to trigger the buffer overflow vulnerability in GNU Anubis. It involves connecting to the Anubis service, sending a crafted payload that exploits the `auth_ident` function, and potentially executing shellcode for remote code execution [ref_id=1].
Generated on Jun 2, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
5- www.securityfocus.com/bid/9772nvdExploitPatchVendor Advisory
- mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.htmlnvd
- marc.infonvd
- marc.infonvd
- exchange.xforce.ibmcloud.com/vulnerabilities/15345nvd
News mentions
0No linked articles in our index yet.