VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
January 28th, 2015
On January 27, VMware released the financial results for the third quarter and full year 2014.
The revenues for the fourth quarter were $1.70 billion for an increase of 15% compared…
January 27th, 2015
Cloud computing startup called Ravello Systems announces to have secured $28 million funding and to have boost a total of $54 million capital led by Qualcomm Incorporated, through its…
January 22nd, 2015
In October last year, Amazon released the AWS System Manager for Microsoft System Center Virtual Machine Manager (SCVMM). AWS System Manager is an add-in for SCVMM which allows customers to…
January 22nd, 2015
VMware has announced that later this quarter it will release an updated disaster recovery solution for its IaaS solution vCloud Air (formerly vCloud Hybrid Service). The solution which will be…
January 20th, 2015
Cisco and VMware have released a paper titled: "Cisco Unified Computing System with VMware Horizon 6 with View and Virtual SAN". The paper which contains 59 pages describes a reference…
January 19th, 2015
The Xen Project, the community which develops the Xen hypervisor under the GNU General Public License (GPLv2) last week announced the availability version 4.5 of the Xen Hypervisor. With major…
January 15th, 2015
Microsoft, together with partner Persistent Systems has developed and released a tool which helps customers to move complete Infrastructure as a Service (Iaas) deployments from one Microsoft datacenter to…
January 15th, 2015
Before and during its annual Summit partner conference, held on January 13 and 14, Citrix made several announcements. First of all Citrix announced the acquisition of Sanbolic, which virtualization.info already…
January 13th, 2015
Citrix today announced the next version of its virtualization platform XenServer which is a commercial product based on the open-source Xen Project hypervisor. XenServer 6.5 will be the follow up…
January 12th, 2015
Citrix today announced that its has completed its acquisition of Sanbolic. Sanbolic which has a product called Sanbolic Scale-Out Platform which can be seen as an aggregation of both local…
January 12th, 2015
Two years ago, Project Virtual Reality Check (VRC) started a survey asking participants to provide more insight in the non-technical issues related to Virtual Desktop Infrastructure (VDI) and Server Based…
January 9th, 2015
VMware has released a reviewers guide for its End User Computing solution Horizon version 5. The paper titled: "VMware Mirage 5.0 Reviewer’s Guide" contains 209 pages and allows readers to…
January 9th, 2015
Microsoft yesterday announced several updates to its Microsoft Azure cloud platform. Updates include the availability of the new G-series type of VM’s, the availability of Ubuntu image with a…
January 7th, 2015
As we know IBM and Red Hat have a story of collaboration behind its back and they have been working lately together on various projects, the latest announcement they made…
Copyright © 2003-2015 virtualization.info. All rights reserved.