VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Red Hat Summit 2015 Wrap-up

June 29th, 2015

Last week, Red Hat held its premiere event in Boston, Massachusetts from June 23 to 26, the Red Hat Summit,  where several announcements have been made.
The summit offered over…

Midokura expands OpenStack Team with Takashi Yamamoto

June 29th, 2015

Network virtualization is one of the hot topics within the OpenStack community. Last week japanese startup Midokura focused on network virtualization announced the assignment of Takashi Yamamoto as OpenStack…

Red Hat announces Q1 2015 earnings

June 24th, 2015

On June 18 Red Hat announced its financial results for its fiscal year 2016 and for the first quarter of 2015.
Total revenue for the first quarter ended May 31,…

Rancher Labs raises $10M in Series A funding

June 11th, 2015

Rancher Labs is a startup providing management on top of the Docker containers, today the company has announced that it has raised $10 million in a series A funding…

EMC acquires Virtustream

May 26th, 2015

EMC has acquired Virtustream, a Infrastructure as a Service (IaaS) provider originally funded among the others from SAP for 1.2 billion US dollars. Virtustream also provides a Cloud Management Platform…

Release: Midokura Enterprise MidoNet (MEM)

May 25th, 2015

Japanese startup Midokura focused on network virtualization announced the availability of Midokura Enterprise MidoNet (MEM). MidoNet is a scalable network virtualization solution integrated with OpenStack Kilo networking project and…

Release: Red Hat CloudForms 3.2

May 20th, 2015

Red Hat yesterday announced the release of version 3.2. of its cloud management software, CloudForms. CloudForms allows the management of hypervisors from Red Hat, VMware and Microsoft as well as…

Gartner predicts that Worldwide Cloud IaaS spending will grow around 33 percent is 2015

May 20th, 2015

Besides releasing their annual Magic Quadrant for Cloud Infrastructure as a Service, research and consulting firm Gartner also made some predicitons about the growth of Cloud Infrastructure as a Service…

Gartner releases its Magic Quadrant for Cloud Infrastructure as a Service for 2015

May 20th, 2015

Gartner this week updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2015. The Magic Qudrant for 2014 was released in May last year (covered…

Red Hat announces the Cloud Suite for Applications

May 19th, 2015

Red Hat yesterday announced a new Suite which bundles its cloud portfolio to manage both Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) workloads. The suite, which…

VMware announces new SaaS offering for building, delivering and managing desktops and applications

May 18th, 2015

A day before the start of Citrix annual Synergy conference, rival VMware announced project Enzo. Project Enzo is the name of a new Software as a Service offering from VMware…

Announcements from Citrix annual Synergy Conference

May 18th, 2015

Last week, Citrix held its annual Synergy conference in Orlando. During the conference Citrix made several announcements which will be summarized in this blogpost.
Citrix Workspace Cloud, which is a…

Is Cisco planning to acquire Nutanix? – UPDATED

May 18th, 2015

Last Friday, Storage Newsletter published an article written by Jared Rinderer a senior research analyst at the Equity Capital Research Group stating that Cisco is planning to acquire Nutanix. While…

Release: Citrix XenServer 6.5 Service Pack 1

May 18th, 2015

During its annual Synergy conference last week, Citrix announced the availability of Service Pack 1 for version 6.5 of its virtualization platform XenServer. Version 6.5 of XenServer was released in…

 
Monthly Archive