VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.

blog comments powered by Disqus

virtualization.info Newest articles
Microsoft loves Red Hat: The business implications

November 18th, 2015

As you may have heard, Microsoft recently announced its “historical” partnership with Red Hat, something that a number of analysts already claimed as a milestone for both companies but especially for…

Red Hat acquires Ansible

October 16th, 2015

Today Red Hat announced that it has signed a definitive agreement to acquire Ansible, provider of an IT automation tool popular especially within the developers’ community.
The acquisition is rumored…

Dell acquires EMC, owner of VMware and Pivotal

October 12th, 2015

Dell today announced that it signed a definitive agreement to acquire EMC Corporation for a total of $67 billion, making it the largest ever acquisition in the technology industry so…

Red Hat announces earnings for Q2 2015

October 2nd, 2015

Red Hat announced its financial results for the second quarter of fiscal year 2016.
Total revenue for the second quarter ended Augus 31, 2015 was $504 million, with an increase…

Citrix retires XenClient

September 21st, 2015

Citrix on its website announced that it started the End-of-Life process of Citrix XenClient Enterprise, the end of life date will be December 12, 2016.
XenClient consists of two technologies,…

Release: Altaro VM Backup V6

September 9th, 2015

Altaro Software, company specialized in backup for virtualized environments, specifically Microsoft Hyper-V, announced the release of Altaro VM Backup, previously known as Altaro Hyper-V Backup, rebranded to introduce VMware…

Release: CloudPhysics for vSphere

September 9th, 2015

CloudPhysics, provider of a SaaS performance and capacity analytics solution, announced to have released a new version of its SaaS offering allowing now VMware users to preempt and eliminate…

VMware announcements from its annual VMworld US conference

September 2nd, 2015

During its annual VMworld conference held between August 30 and September 3 in San Fransicso VMware made several announcements. During the keynote on Monday several data center related announcements and…

Release: VMware Workstation 12 Pro, Player 12, Fusion 8 and Fusion Pro 8

August 25th, 2015

VMware today released version 12 of its type-2 client hypervisor products for Microsoft Windows: Workstation Pro and Player and version 8 of its client hypervisor products for Mac OSX: Fusion….

Release: Veeam Management Pack v8 for System Center

August 25th, 2015

Veeam today released version 8.0 of its Management Pack for Microsoft System Center Operations Manager (SCOM or OpsMgr). Using this Management Pack customers running Operations Manager to monitor vSphere and…

Release: Oracle VM VirtualBox 5.0

August 24th, 2015

Oracle has released version 5.0 of its type-2 virtualization platform VM VirtualBox. Starting with a public beta in April this year and some more test builds and a release candidate…

Microsoft releases 3rd technical preview of Windows Server 2016 and System Center 2016

August 19th, 2015

Microsoft today announced the release of the 3rd technical preview of the next version of its Server Operating System (Windows Server 2016 TP3) and corresponding management software (System Center…

From VirtualizationMatrix comes WhatMatrix – UPDATED

August 19th, 2015

We quoted several times Virtualization Matrix, the website created to compare the capabilities of the various virtualization platforms on the market such VMware, Microsoft and Citrix.
This idea sparked…

Release: Linux Integration Services Version 4.0 for Hyper-V

August 18th, 2015

Microsoft has released version 4.0. of its Integration Services for Linux. Hyper-V supports both emulated (“legacy”) and Hyper-V-specific (“synthetic”) devices for Linux virtual machines. When a Linux virtual machine…

Monthly Archive