VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Paper: Cisco UCS C240-M3 Rack Server with NVIDIA GRID GPU cards on Citrix XenServer 6.2 and XenDesktop 7.5

October 21st, 2014

Cisco has released a paper titled: “Cisco UCS C240-M3 Rack Server with NVIDIA GRID GPU cards on Citrix XenServer 6.2 and XenDesktop 7.5“.
The paper which contains 38 pages will…

Microsoft announces updates to its public and private cloud portfolio

October 20th, 2014

Microsoft today announced several upcoming features to both its public Microsoft Azure services, as its private cloud solution based on Windows Server and System Center. CEO Satya Nadella stated that…

OpenStack releases the 10th version of its IaaS platform called Juno

October 20th, 2014

OpenStack, the open source cloud computing project has released its 10th version of its IaaS platform for public, private and hybrid clouds. This version has 342 new features and…

VMware decides to disable TPS in future ESXi releases by default

October 17th, 2014

In a knowledge base article titled: “Security considerations and disallowing inter-Virtual Machine Transparent Page Sharing (2080735)” published on October 16th, VMware states that it will disable the Transparant Page Sharing…

Paper: Citrix Virtual Desktop Handbook 7.x

October 16th, 2014

Based on the recent releases of Citrix XenApp and XenDesktop 7.6, Citrix has updated its design guidance called the "Citrix Virtual Desktop Handbook 7.x". The handbook which contains 202 pages…

VMware announces vRealize Log Insight 2.5

October 16th, 2014

VMware has announced the release of version 2.5 of its log aggregation, management and analysis product Log Insight. This version will be the follow up of version 2.0 which was…

Release: Oracle VM VirtualBox 4.3.18

October 16th, 2014

Oracle has released a new version of its virtualization platform VM Virtualbox. Version 4.3.18 is considered a maintenance release which can be installed on top of version 4.3. The update…

Paper: Performance and Scalability of Microsoft SQL Server on VMware vSphere 5.5

October 16th, 2014

VMware has released a paper titled: "Performance and Scalability of Microsoft SQL Server on VMware vSphere 5.5". The Paper which contains 33 pages demonstrates that large Microsoft SQL Server databases…

Paper: Microsoft Exchange Server Performance on VMware Virtual SAN

October 16th, 2014

VMware has released a paper titled: "Microsoft Exchange Server Performance on VMware Virtual SAN". The paper which contains 9 pages shows the results of performance tests of Microsoft Exchange Server…

Microsoft announces support for Docker container virtualization for next version of Windows Server

October 15th, 2014

Microsoft has announced that it will support for Docker in its next version of Windows Server. Docker which provides a so called container virtualization solution currently receives a lot of…

Paper: Achieving Over 1-Million IOPS from Hyper-V VMs in a Scale-Out File Server Cluster Using Windows Server 2012 R2

October 15th, 2014

Microsoft has released a paper titled:"Achieving Over 1-Million IOPS from Hyper-V VMs in a Scale-Out File Server Cluster Using Windows Server 2012 R2". The paper which contains 24 pages demonstrates…

VMworld Europe 2014 Wrap-Up

October 15th, 2014

VMworld Europe 2014 in Barcelona has seen Pat Gelsinger (VMware CEO), Bill Fathers (EVP and GM, Hybrid Cloud Services Business Unit) and Sanjay Poonen (EVP and GM, End-User Computing) in…

Release: Microsoft Virtual Machine Converter 3.0

October 14th, 2014

Microsoft has released version 3.0 of its converter tool from the VMware platform to Hyper-V and Windows Azure, the Microsoft Virtual Machine Converter (MVMC). Version 3.0 is the follow-up of…

Paper: VMware Mirage Large-Scale Reference Architecture

October 13th, 2014

VMware has released a paper titled: "VMware Mirage Large-Scale Reference Architecture". The paper, which contains 30 pages is a provides a reference architecture and real-world testing results for image management,…

 
Monthly Archive