VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
March 7th, 2014
In august last year, VMware announced the first public beta of Virtual SAN (VSAN), a software-defined storage tier embedded directly within vSphere 5.5 hypervisor (but licensed separately). It constitutes (with…
March 5th, 2014
Dell has released a paper titled: "Dell Wyse Datacenter for Citrix Graphics Reference Architecture". The paper which contains 47 pages describes a Reference Architecture, covering the design, configuration and implementation…
March 5th, 2014
VMware has released version 4.4. of its centralized image management for Windows desktops with backup and OS migration capabilities: Horizon Mirage. Horizon Mirage uses a layering technology to segment OS,…
March 4th, 2014
Oracle last week released a beta version of the upcoming version 3.3 of its enterprise virtualization solution Oracle VM. Oracle VM is available for both x86 and SPARC with a…
March 3rd, 2014
Cisco has released a paper titled: "FlexPod Datacenter for 2000 Seats of Citrix XenDesktop 7.1 on VMware vSphere 5.1". The paper which contains 275 pages describes a Cisco Validated Design…
March 3rd, 2014
Oracle has released a maintenance update for its virtualization platform VM VirtualBox. The maintenance update includes bug fixes and improves the stability. Version 4.3.6. can be installed on top of…
February 27th, 2014
In these days IBM launched its new hybrid cloud offering called IBM Platform Computing Cloud Service.
The service, that runs on IBM SoftLayer infrastructure, integrates IBM Platform LSF and Platform…
February 25th, 2014
Citrix has released a paper titled:"XenDesktop 7.1 on Hyper-V Hands-on Lab Pilot Guide". The paper which contains 299 pages provides hands-on experience with the configuration and operation of XenDesktop 7.1…
February 25th, 2014
Citrix has released version 2.2. of its cloud services delivery and business management platform CloudPortal Business Manager. Version 2.2. is the follow-up of version 2.1. which was released in September…
February 25th, 2014
VMware has released a paper titled:"VMware Horizon Mirage Branch Office Reference Architecture". The paper which contains 28 pages covers a reference architecture for VMware Horizon Mirage. Horizon Mirage provides centralized…
February 25th, 2014
VMware vCloud Hybrid Service is the VMware’s owned and operated public Infrastructure as a Service (IaaS) service, launched in 2013 in US only ,was running in beta on a single…
February 20th, 2014
Microsoft has released a free eBook titled: "Microsoft System Center: Building a Virtualized Network Solution". The book is written by Nigel Cain, Alvin Morales, Michel Luescher, Damian Flynn and Mitch…
February 19th, 2014
The Xen Project, the community which develops the Xen hypervisor under the GNU General Public License (GPLv2) and which is now transferred from Citrix to the Linux Foundation, today…
February 17th, 2014
Catbird has released version 6.0 of Catbird, a rebranded name for which was known as the vSecurity products. In the past, Catbird released the products for several hypervisors, like ESXi…
Copyright © 2003-2014 virtualization.info. All rights reserved.