VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Citrix CEO Mark Templeton plans to retire

July 30th, 2015

On July 28 Citrix disclosed that Mark Templeton, the company CEO, has plans to retire after over 20 years of service, an unexpected news that drew attention on the next…

Citrix announces Q2 2015 results

July 30th, 2015

Citrix announced its financial results for second quarter 2015.
The revenues for the second quarter were $797 million for an increase of 2% compared to Q2 2014.
Net income was $103…

VMware announces results for Q2 2015

July 24th, 2015

VMware released the results about its results for Q2 2015.
VMware, announced a GAAP total revenue growth of $1.52 billion, for an increase of 4 percent compared to Q2 2014. License revenues…

Gartner releases its 2015 Magic Quadrant for x86 Server Virtualization Infrastructure

July 21st, 2015

Gartner released its Magic Quadrant for x86 Server Virtualization Infrastructure for year 2015, once more positioning VMware and Microsoft in the leaders Quadrant.
No surprises in the leaders quadrant, as…

Release: Parallels Mac Management 4.0 for Microsoft SCCM

July 21st, 2015

Parallels announced the availability of Parallels Mac Management 4.0 for Microsoft System Center Configuration Manager (SCCM), extending its range of capabilities to Mac computers.
This new release increases the flexibility…

Avast Software Acquires Remotium

July 10th, 2015

On July 8, Avast Software, a Czech private limited company provider of antivirus and security software products announced to have acquired Silicon Valley based Remotium, a company founded in…

Release: Oracle VM VirtualBox 5.0 Candidate 1 (RC1)

July 8th, 2015

Oracle has announced to have released version 5.0 Candidate 1 (RC1) for its virtualization platform VM VirtualBox. The release brings enhancement and bug fixes to the previous versions, improving stability…

IBM announces Docker Based Container Services

July 1st, 2015

Containers continue to gain traction, IBM announced the release of enterprise class containers based on Docker and built on its Platform as a Service, Bluemix for hybrid environments. It will…

Release: Xen Project Hypervisor 4.5.1

July 1st, 2015

The Xen Project, the community which develops the Xen hypervisor under the GNU General Public License (GPLv2) announced the availability of a new maintenance release, version 4.5.1 of the Xen…

Red Hat Summit 2015 Wrap-up

June 29th, 2015

Last week, Red Hat held its premiere event in Boston, Massachusetts from June 23 to 26, the Red Hat Summit,  where several announcements have been made.
The summit offered over…

Midokura expands OpenStack Team with Takashi Yamamoto

June 29th, 2015

Network virtualization is one of the hot topics within the OpenStack community. Last week japanese startup Midokura focused on network virtualization announced the assignment of Takashi Yamamoto as OpenStack…

Red Hat announces Q1 2015 earnings

June 24th, 2015

On June 18 Red Hat announced its financial results for its fiscal year 2016 and for the first quarter of 2015.
Total revenue for the first quarter ended May 31,…

Rancher Labs raises $10M in Series A funding

June 11th, 2015

Rancher Labs is a startup providing management on top of the Docker containers, today the company has announced that it has raised $10 million in a series A funding…

EMC acquires Virtustream

May 26th, 2015

EMC has acquired Virtustream, a Infrastructure as a Service (IaaS) provider originally funded among the others from SAP for 1.2 billion US dollars. Virtustream also provides a Cloud Management Platform…

 
Monthly Archive