VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Release: Red Hat CloudForms 3.2

May 20th, 2015

Red Hat yesterday announced the release of version 3.2. of its cloud management software, CloudForms. CloudForms allows the management of hypervisors from Red Hat, VMware and Microsoft as well as…

Gartner predicts that Worldwide Cloud IaaS spending will grow around 33 percent is 2015

May 20th, 2015

Besides releasing their annual Magic Quadrant for Cloud Infrastructure as a Service, research and consulting firm Gartner also made some predicitons about the growth of Cloud Infrastructure as a Service…

Gartner releases its Magic Quadrant for Cloud Infrastructure as a Service for 2015

May 20th, 2015

Gartner this week updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2015. The Magic Qudrant for 2014 was released in May last year (covered…

Red Hat announces the Cloud Suite for Applications

May 19th, 2015

Red Hat yesterday announced a new Suite which bundles its cloud portfolio to manage both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) workloads. The suite, which…

VMware announces new SaaS offering for building, delivering and managing desktops and applications

May 18th, 2015

A day before the start of Citrix annual Synergy conference, rival VMware announced project Enzo. Project Enzo is the name of a new Software as a Service offering from VMware…

Announcements from Citrix annual Synergy Conference

May 18th, 2015

Last week, Citrix held its annual Synergy conference in Orlando. During the conference Citrix made several announcements which will be summarized in this blogpost.
Citrix Workspace Cloud, which is a…

Is Cisco planning to acquire Nutanix? – UPDATED

May 18th, 2015

Last Friday, Storage Newsletter published an article written by Jared Rinderer a senior research analyst at the Equity Capital Research Group stating that Cisco is planning to acquire Nutanix. While…

Release: Citrix XenServer 6.5 Service Pack 1

May 18th, 2015

During its annual Synergy conference last week, Citrix announced the availability of Service Pack 1 for version 6.5 of its virtualization platform XenServer. Version 6.5 of XenServer was released in…

Infographic: OpenStack adoption in Italy

May 11th, 2015

The IT roadmap throughout the digital transformation process is a journey, long and complex, and must not be underestimated. Like any other journey it starts with a first step which…

.infonews welcomes Alessandro Fontana as a team member

May 11th, 2015

12 years ago, in 2003, virtualization.info started to track virtualization market and, in 2010, cloudcomputing.info was launched as a sister publication with a focus on the cloud computing market.
In…

Microsoft announcements from its annual Ignite conference

May 10th, 2015

Last week, Microsoft held its annual Ignite conference in Chicago, Illinois. Ignite is the new name for a series of technical conferences targeted to IT Professionals, which replaces the…

Release: Update Rollup 6 for Microsoft System Center 2012 R2 and Windows Azure Pack – UPDATED

April 30th, 2015

Microsoft has released Update Rollup 6 for the following products within the System Center 2012 R2 suite: Service Manager (SCSM), Operations Manager (SCOM), Virtual Machine Manager (SCVMM) and Service…

Citrix announces Q1 2015 results

April 28th, 2015

Citrix announced its financial results for first quarter 2015.
The revenues for the first quarter were $761 million for an increase of 1% compared to Q1 2014.
Net income was $29…

VMware results for Q1 2015

April 28th, 2015

VMware released the results about its growth for Q1 2015.
VMware, announced a total  revenue growth of $1.51 billion, for an increase of 11 percent compared to Q1 2014. License revenues were…

 
Monthly Archive