VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Microsoft announces Q2 2014 earnings

July 24th, 2014

On July 22 Microsoft announced its financial results for the second quarter of 2014.
Total revenue for the quarter ended June 30 was $23.38 billion. Looking at the financials details we…

Citrix announces Q2 2014 earnings

July 24th, 2014

On July 23, Citrix announced its financial results for second quarter of fiscal year 2014, ended June 30, 2014.
Citrix announced a total revenue of $782 million, for an increase of 7%…

Paper: Reference Architecture for Horizon with View and Virtual SAN

July 23rd, 2014

VMware has released a paper titled:"Reference Architecture for Horizon with View and Virtual SAN". The paper which contains 50 pages contains a reference architecture for VMware Horizon with View virtual…

Xen Project releases Mirage OS 2.0

July 23rd, 2014

The Xen Project, the community which develops the Xen hypervisor under the GNU Public License (GPLv) and which is now part of the Linux foundation has released version 2.0 of…

VMware results for Q2 2014

July 23rd, 2014

On July 22, VMware released the results about its growth for Q2 2014.
VMware, announced a total  revenue growth of $1.46 billion, for an increase of 17 percent compared to Q2 2013.
Operating…

Release: Veeam Management Pack for System Center Operations Manager 7.0

July 23rd, 2014

Veeam today released version 7.0 of the Management Pack for monitoring and management of VMware ESX and Microsoft Hyper-V using Microsoft System Center Operations Manager 2012.
New in this release…

OpenNebula 4.8 Beta introduces support for Azure and SoftLayer

July 22nd, 2014

OpenNebula has just released the Beta version of its OpenNebula 4.8, codename “Lemon Slice”, that finally introduces the long awaited support for public clouds providers others than Amazon AWS….

Video: VMware Horizon 6 and AirWatch

July 21st, 2014

BYOD (Bring Your Own Device) is one of the hot challenges that nowadays enterprises are facing, that’s why AirWatch acquisition, made by VMware earlier this year, is extremely significative together…

Paper: VMware Virtual SAN Design and Sizing Guide for Horizon View Virtual Desktop Infrastructures

July 17th, 2014

VMware has released a paper titled:"VMware Virtual SAN Design and Sizing Guide for Horizon View Virtual Desktop Infrastructures". The paper which contains 16 pages focuses on the definitions, sizing guidelines,…

Citrix releases Tech Preview of next version of XenServer

July 16th, 2014

Citrix has released a technical preview of XenServer codenamed Creedence the next major version of XenServer, which is now at version 6.2. When released this version will probably be version…

Release: VMUnify v3.0

July 16th, 2014

The Indian company VMUnify, originated from MindTree’s innovation program, announced this week the general availability of version 3.0 of its homonymous solution for managing Virtual Infrastructure Enterprises, Private or…

VMware announces general availability of vCloud Hybrid Service in Asia-Pacific region

July 15th, 2014

vCloud Hybrid Service is VMware’s owned and operated IaaS (Infrastructure as a Service) offering, released in September 2013 in the US only and extended to Europe (UK) in February 2014….

Paper: Virtualization Fabric Design Considerations Guide

July 10th, 2014

Microsoft has released a paper titled:"Virtualization Fabric Design Considerations Guide". The paper which contains 53 pages helps you to understand how to design a virtualization fabric that is able to…

Gartner releases its 2014 Magic Quadrant for x86 Server Virtualization Infrastructure

July 10th, 2014

Gartner has released its annual Magic Quadrant for x86 Server Virtualization Infrastructure, again positioning VMware and Microsoft in the leaders Quadrant. Leaders in this market have a clear strategy and…

 
Monthly Archive