VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
December 6th, 2013
VMware has released the RDP VC Bridge SDK. This SDK is intended for ISVs who have applications that today run on Microsoft RDP using the RDP WTS APIs.
By simply…
December 4th, 2013
VMware yesterday announced that the VMware vCloud Hybrid Service now supports Direct Connect. Direct Connect offers a dedicated and secure private line connection in addition to IPsec VPN which is…
December 3rd, 2013
Helge Klein, which we know from tools such as SetACL, SetACL studio and Delprof2 has released a Splunk agent for Windows called the uberAgent for Splunk. The agent is capable…
December 3rd, 2013
In June 2012 Google revealed its IaaS (Infrastructure as a Service) offering, called Google Compute Engine (GCE), with the beginning of this December the service is finally Generally Available (GA),…
December 3rd, 2013
In June this year Microsoft released the betas for App-V 5.0 SP2 and UE-V 2.0. Both products are now released within the Microsoft Desktop Optimization Pack (MDOP) 2013 R2, which…
November 29th, 2013
Log Insight is VMware’s product for log management and analysis, introduced in June and quickly updated in the following months in order to be competitive on this market that sees…
November 27th, 2013
Microsoft has made available for download a new free eBook titled:”Microsoft System Center: Cloud Management with App Controller“. The book which contains 104 pages provides an introduction to implementing and…
November 26th, 2013
Citrix has released a Technical Preview of a new connector for XenDesktop. This connector will enable customers to use System Center Configuration Manager (ConfigMgr) to deploy application to a XenDesktop…
November 26th, 2013
In august this year, VMware announced the first public beta of Virtual SAN. Today VMware announced a new version of the beta being available. Virtual SAN is a software-defined storage…
November 25th, 2013
Red Hat has released version 6.5. of its Enterprise Linux (RHEL) Linux-based Operating System. The OS is released in server versions for x86, x86-64, Itanium, PowerPC and IBM System z….
November 22nd, 2013
VMware today released version 5.3 of its Virtual Desktop Infrastructure (VDI) product Horizon View. With this release, VMware also updated the View clients to version 2.2.
Version 3.5 was announced…
November 22nd, 2013
Pivotal CF is the commercially supported hybrid Platfor-as-a-Service (PaaS) based on Cloud Foundry, technology launched by VMware in 2011 and moved to Pivotal in this April as part of…
November 22nd, 2013
Just a week after releasing a free version of their security product for Microsoft Hyper-V called Security for Microsoft Hyper-V with built in Security and Compliance scanner, 5nine released version…
November 20th, 2013
Catbird is a well-known security player in the virtualization market with its vSecurity product able to proactively secure the virtual network and guest operating systems by analyzing and responding to…
Copyright © 2003-2013 virtualization.info. All rights reserved.