VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
March 3rd, 2015
VMware has released a paper titled: "VMware vCenter Server 6.0 Deployment Guide". The paper which contains 100 pages covers two new simplified deployment models introduced with version 6. Embedded which…
March 2nd, 2015
On February 24 VMware disclosed that the former chief information officer of Juniper Networks, Bask Iyer, was elected as the new CIO at VMware. Iyer is taking Tony Scott position…
February 27th, 2015
On February 25, Parallels announced that it has acquired 2X Software. 2X Software is a Maltese company, with offices in the United States, Germany, UK, Australia and of course Malta,…
February 27th, 2015
Proxmox Server Solutions GmbH headquartered in Vienna, Austria announced to have released the version 3.4 of Proxmox Virtual Environment, an open source virtualization management solution that leverages KVM technologies. Proxmox joined…
February 17th, 2015
Red Hat today announced the release of version 6 of its OpenStack platform management tool Red Hat Enterprise Linux OpenStack. Version 6 is the follow up of version 5 which…
February 12th, 2015
Yesterday February 11, Red Hat has announced the global availability of version 3.5 of its virtualization platform: Red Hat Enterprise Virtualization (aka RHEV).
RHEV is based on the Kernel-based Virtual Machine (KVM) hypervisor and…
February 12th, 2015
Oracle has released version 3.3.2 of its enterprise virtualizatoin solution. The virtualization solution is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor technology, supporting…
February 12th, 2015
Docker has released version 1.5 of its container virtualization solution. Docker provides so called container virtualization, allowing an application and its dependencies to run as an isolated process inside…
February 12th, 2015
Microsoft has released version 9.1 of its capactiy planning tool the Assessment and Planning Toolkit (MAP). This version is the follow-up of version 9.1 which was released in July…
February 10th, 2015
NIMBOXX a company which creates converged hardware appliances combining storage, server, networking and virtualization technology announced that it has acquired the Virtual Desktop Infrastructure (VDI) technology product VERDE from…
February 6th, 2015
Last week Citrix announced its financial reports for Q4 and Fiscal year 2014, despite the positive results that the company had for full year 2014, the general opinion is that…
February 5th, 2015
Lenovo has published a paper titled:"Reference Architecture: Lenovo Client Virtualization". The paper which contains 44 pages contains a reference architecture for Server Based Computing (SBC) and Virtual Desktop Infrastructure…
February 4th, 2015
Microsoft has published a free ebook titled: “Microsoft Azure Essentials: Fundamentals of Azure“. The book, which contains 246 pages covers the fundamentals of Microsoft Azure’s cloud offering. It concentrates…
February 3rd, 2015
VMware today announced that it has acquired Immidio. Immidio provides several User Environment Management related product: Immidio AppScriber and Immidio Flex+. With the acquisition of Immidio VMware wants to fill…
Copyright © 2003-2015 virtualization.info. All rights reserved.