VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Paper: VMware vCenter Server 6.0 Deployment Guide

March 3rd, 2015

VMware has released a paper titled: "VMware vCenter Server 6.0 Deployment Guide". The paper which contains 100 pages covers two new simplified deployment models introduced with version 6. Embedded which…

VMware hires new CIO: Bask Iyer, former Juniper Networks

March 2nd, 2015

On February 24 VMware disclosed that the former chief information officer of Juniper Networks, Bask Iyer, was elected as the new CIO at VMware. Iyer is taking Tony Scott position…

Parallels Acquires 2X Software

February 27th, 2015

On February 25, Parallels announced that it has acquired 2X Software. 2X Software is a Maltese company, with offices in the United States, Germany, UK, Australia and of course Malta,…

Release: Proxmox Virtual Environment 3.4

February 27th, 2015

Proxmox Server Solutions GmbH headquartered in Vienna, Austria announced to have released the version 3.4 of Proxmox Virtual Environment, an open source virtualization management solution that leverages KVM technologies. Proxmox joined…

Release: Red Hat Enterprise Linux OpenStack Platform 6

February 17th, 2015

Red Hat today announced the release of version 6 of its OpenStack platform management tool Red Hat Enterprise Linux OpenStack. Version 6 is the follow up of version 5 which…

Release: Red Hat Enterprise Virtualization 3.5

February 12th, 2015

Yesterday February 11, Red Hat has announced the global availability of version 3.5 of its virtualization platform: Red Hat Enterprise Virtualization (aka RHEV).
RHEV is based on the Kernel-based Virtual Machine (KVM) hypervisor and…

Release: Oracle VM 3.3.2

February 12th, 2015

Oracle has released version 3.3.2 of its enterprise virtualizatoin solution. The virtualization solution is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor technology, supporting…

Release: Docker Engine 1.5

February 12th, 2015

Docker has released version 1.5 of its container virtualization solution. Docker provides so called container virtualization, allowing an application and its dependencies to run as an isolated process inside…

Release: Microsoft Assessment and Planning Toolkit 9.2

February 12th, 2015

Microsoft has released version 9.1 of its capactiy planning tool the Assessment and Planning Toolkit (MAP). This version is the follow-up of version 9.1 which was released in July…

NIMBOXX acquires VERDE assets from Virtual Bridges

February 10th, 2015

NIMBOXX a company which creates converged hardware appliances combining storage, server, networking and virtualization technology announced that it has acquired the Virtual Desktop Infrastructure (VDI) technology product VERDE from…

Citrix announces to cut 900 Jobs

February 6th, 2015

Last week Citrix announced its financial reports for Q4 and Fiscal year 2014, despite the positive results that the company had for full year 2014, the general opinion is that…

Paper: Reference Architecture – Lenovo Client Virtualization

February 5th, 2015

Lenovo has published a paper titled:"Reference Architecture: Lenovo Client Virtualization". The paper which contains 44 pages contains a reference architecture for Server Based Computing (SBC) and Virtual Desktop Infrastructure…

Book: Microsoft Azure Essentials: Fundamentals of Azure

February 4th, 2015

Microsoft has published a free ebook titled: “Microsoft Azure Essentials: Fundamentals of Azure“. The book, which contains 246 pages covers the fundamentals of Microsoft Azure’s cloud offering. It concentrates…

VMware acquires Immidio

February 3rd, 2015

VMware today announced that it has acquired Immidio. Immidio provides several User Environment Management related product: Immidio AppScriber and Immidio Flex+. With the acquisition of Immidio VMware wants to fill…

 
Monthly Archive