Eclipse Equinox OSGi Console Remote Code Execution Vulnerability

A remote code execution vulnerability has been identified in the Eclipse Equinox OSGi console interface, affecting versions 3.8 through 3.18. This vulnerability allows unauthenticated attackers to execute arbitrary code by exploiting the fork command functionality. Attackers can establish a telnet connection to the OSGi console, perform a telnet handshake, and send fork commands to download and execute malicious Java code, thereby establishing a reverse shell connection.

Impact

Exploitation of this vulnerability allows for remote code execution on the server where OSGi is running.

Reproduction

To reproduce this vulnerability, connect to the OSGi console via telnet. After completing the telnet handshake, send a fork command that uses curl to download a malicious Java payload from a server you control. Once the payload is downloaded, send another fork command to execute the Java file, which will open a reverse shell connection to your machine.