VMware warns about ESX source code public posting

Posted by Massimo Ferrari | Wednesday, April 25th, 2012

Yesterday Iain Mulholland, Director of the VMware Security Response Center, posted a VMware Security Note on the official Power of Partnership and VMware Security & Compliance blogs.

Mulholland announced the public posting, on April 23, of a single file containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised by this code leak or who might be the source of the publication.

Given the complexity of ESX, what is clear is that the level of risk depends directly on what kind of information is contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

So said Chris Ward, vice president of consulting and integration at Greenpages, as reported by crn.com.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.


