VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Release: WinDocks 1.0

April 5th, 2016

Yesterday, Bellevue (WA) based company WinDocks, released version 1.0 of its homonymous Docker engine for Windows.
The company, founded by a small group of former Microsoft’s employees, rides Docker’s…

LANDesk Acquires AppSense

March 17th, 2016

LANDesk Software, founded in 1985 and headquartered in Salt Lake City, Utah , provides systems management, security management, service management, asset management and process management solutions with a strong focus…

Release: Red Hat Enterprise Virtualization 3.6

March 15th, 2016

Last week open source giant Red Hat announced the availability of version 3.6 of its KVM-based virtualization platform Red Hat Enterprise Virtualization (RHEV).
While this new release provides the expected…

Docker acquires Conductant

March 4th, 2016

Yesterday Docker announced to have acquired a semi-stealth startup called Conductant, focused on workloads orchestration.

Both Conductant’s founders, Bill Farner and David Chung, have significant enterprise experience coming from…

Cisco acquires CliQr

March 1st, 2016

Today Cisco announced the intent to acquire CliQr Technologies Inc., a privately held company based in San Jose, CA.
CliQr is one of the most promising startups in the Cloud…

Release: VMware vCloud Suite 7 and vRealize Suite 7

February 11th, 2016

Yesterday VMware announced version 7 of both its vCloud and vRealize suites, confirming its efforts to be relevant in the CMPs (Cloud Management Platforms) space.
vRealize Suite 7 is made…

Platform9 adds Multi-Region & Multi-Hypervisor management into Managed OpenStack

February 11th, 2016

Platform9 solutions leverages a mix of SaaS and on premises Virtual Appliance to provide into supported environments capabilities typical of Cloud Management Platforms (CMPs) such self-service provisioning, monitoring, configuration…

VMware announces vRealize Log Insight 3.3

February 10th, 2016

Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is fiercely competing against Splunk.
Today the company announced Log Insight 3.3…

Microsoft releases Azure Stack TP1

February 1st, 2016

During Ignite 2015, back in September, Microsoft announced Microsoft Azure Stack as the building block for its hybrid cloud strategy.
What Microsoft is saying with this move is that, despite…

Release: Ansible 2.0

January 14th, 2016

Ansible is an IT automation tool especially popular within the developers’ community, thanks to its simplicity and agentless nature.
Three months away from its acquisition by Red Hat the company announced…

Nutanix goes Public

December 23rd, 2015

Nutanix is a provider of converged infrastructure, basically a physical server containing both compute and storage driven by an Installed Hypervisor of choice, this server, called a node can…

Release: VMware vRealize Automation 7 and VMware vRealize Business Standard 7

December 23rd, 2015

Last week VMware finally completed the first major update of VMware vRealize Suite, its well known cloud management solution, releasing in GA both vRealize Automation 7 and vRealize Business Standard…

WhatMatrix.com goes Live

December 15th, 2015

virtualization.info has been following Virtualization Matrix since its early steps and we recently wrote about its crowdsourced-powered heir: WhatMatrix.
Today we are happy to report that its community, formed…

Microsoft loves Red Hat: The business implications

November 18th, 2015

As you may have heard, Microsoft recently announced its “historical” partnership with Red Hat, something that a number of analysts already claimed as a milestone for both companies but especially for…

 
Monthly Archive