VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
July 24th, 2014
On July 22 Microsoft announced its financial results for the second quarter of 2014.
Total revenue for the quarter ended June 30 was $23.38 billion. Looking at the financials details we…
July 24th, 2014
On July 23, Citrix announced its financial results for second quarter of fiscal year 2014, ended June 30, 2014.
Citrix announced a total revenue of $782 million, for an increase of 7%…
July 23rd, 2014
VMware has released a paper titled:"Reference Architecture for Horizon with View and Virtual SAN". The paper which contains 50 pages contains a reference architecture for VMware Horizon with View virtual…
July 23rd, 2014
The Xen Project, the community which develops the Xen hypervisor under the GNU Public License (GPLv) and which is now part of the Linux foundation has released version 2.0 of…
July 23rd, 2014
On July 22, VMware released the results about its growth for Q2 2014.
VMware, announced a total revenue growth of $1.46 billion, for an increase of 17 percent compared to Q2 2013.
Operating…
July 23rd, 2014
Veeam today released version 7.0 of the Management Pack for monitoring and management of VMware ESX and Microsoft Hyper-V using Microsoft System Center Operations Manager 2012.
New in this release…
July 22nd, 2014
OpenNebula has just released the Beta version of its OpenNebula 4.8, codename “Lemon Slice”, that finally introduces the long awaited support for public clouds providers others than Amazon AWS….
July 21st, 2014
BYOD (Bring Your Own Device) is one of the hot challenges that nowadays enterprises are facing, that’s why AirWatch acquisition, made by VMware earlier this year, is extremely significative together…
July 17th, 2014
VMware has released a paper titled:"VMware Virtual SAN Design and Sizing Guide for Horizon View Virtual Desktop Infrastructures". The paper which contains 16 pages focuses on the definitions, sizing guidelines,…
July 16th, 2014
Citrix has released a technical preview of XenServer codenamed Creedence the next major version of XenServer, which is now at version 6.2. When released this version will probably be version…
July 16th, 2014
The Indian company VMUnify, originated from MindTree’s innovation program, announced this week the general availability of version 3.0 of its homonymous solution for managing Virtual Infrastructure Enterprises, Private or…
July 15th, 2014
vCloud Hybrid Service is VMware’s owned and operated IaaS (Infrastructure as a Service) offering, released in September 2013 in the US only and extended to Europe (UK) in February 2014….
July 10th, 2014
Microsoft has released a paper titled:"Virtualization Fabric Design Considerations Guide". The paper which contains 53 pages helps you to understand how to design a virtualization fabric that is able to…
July 10th, 2014
Gartner has released its annual Magic Quadrant for x86 Server Virtualization Infrastructure, again positioning VMware and Microsoft in the leaders Quadrant. Leaders in this market have a clear strategy and…
Copyright © 2003-2014 virtualization.info. All rights reserved.