VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
April 17th, 2014
On April 15 Splunk announced the availability of Splunk App for VMware 3.1, the system that is competing with VMware Log Insight solution to provide administrators with a real-time…
April 15th, 2014
Today Canonical announced the new Ubuntu Linux 14.04 LTS with a press release intriguingly focused on its role as an OpenStack platform.
This release, that will be available on…
April 15th, 2014
VMware vCloud Hybrid Service (vCHS) is the VMware’s owned and operated public Infrastructure as a Service (IaaS) platform, launched in 2013 in the US and extended to Europe in February…
April 11th, 2014
PQR, a dutch technology company has released a paper titled:"3D Graphics for Virtual Desktops Smackdown". The paper which contains 139 pages is written by virtualization experts, Benny Tritsch, Ruben Spruijt,…
April 10th, 2014
Microsoft has announced the release of a preview of Azure Automation. Azure Automation provides an orchestration engine for use within Microsoft Azure. Azure Automation allows you to automate the creation,…
April 10th, 2014
Citrix has released version 5.1 of its client hypervisor XenClient. XenClient consists of two technologies, the XenClient, which is a type-1 client hypervisor running on selected hardware and the XenClient…
April 10th, 2014
In October 2012 Microsoft released version 1.0 of its Virtual Machine Converter tool (MVMC) allowing the conversion of VMware based virtual machines (VM’s) to Hyper-V based VM’s and virtual hard…
April 9th, 2014
VMware vSpere 5.5 was released in September 2013 and introduced a couple of improvements to the networking capabilities of the vSphere platform.
These enhancements could be resumed as follows:
More…
April 9th, 2014
VMware today announced the release of version 6 of its end user computing suite: Horizon.
Starting with this version VMware not only provides a Virtual Desktop Infrastructure (VDI) solution based…
April 8th, 2014
Yesterday VMware announced that David Goulden, CEO of EMC Information Infrastructure and CFO of EMC, has left the board of directors.
Goulden will be replaced by Paul Sagan, former Akamai’s…
April 2nd, 2014
VMware vExpert is the program, started in 2009, that “rewards” the individuals who has been recognized as active contributors of the community that rotates around the VMware ecosystem.
The program…
April 1st, 2014
Red Hat has released a beta for an upcoming release of Red Hat Enterprise Virtualization (RHEV) platform version 3.4. Red Hat Enterprise Virtualization (RHEV) is Red Hats virtualization platform based…
March 27th, 2014
Log Insight is VMware’s product for log aggregation, management and analysis. Introduced in June 2013, Log Insight is kept updated with a fast pace in order to be competitive on…
March 26th, 2014
In January Citrix announced the upcoming 7.5 version of its Virtual Desktop Infrastructure (VDI) product XenDesktop and desktop and virtualization product XenApp. At that time especially the fact that the…
Copyright © 2003-2014 virtualization.info. All rights reserved.