VMware warns about ESX source code public posting
 |
Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.
Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.
The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.
Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.
If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.
Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.
Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.
virtualization.info Newest articles
June 13th, 2017
Log Insight is a log aggregation, management and analysis tool, that VMware first introduced in 2013 and considered a competitor of Splunk.
Yesterday VMware announced the release of version 4.5, available for…
June 6th, 2017
Today VMware announced the latest release of its cloud management platform vRealize Automation, former vCloud Automation Center.
VMware vRealize Automation 7.3 release notes can be found at this link.
The…
February 9th, 2017
“We see greater potential strategic opportunity in NSX over the next decade than our franchise product vSphere has had for the past decade.”
said VMware’s CEO Pat Gelsinger talking about…
November 22nd, 2016
Encryption of virtual machines is something that has been requested for years by the security community. VMware continued to postpone its implementation due to the negative operational impact that many…
November 1st, 2016
In September 2012 Dell announced to have completed the acquisition of Quest Software, a Californian company with an history in systems management, security, business intelligence and, falling back in our…
October 21st, 2016
Citrix announced its financial results for third quarter 2016.
The revenues for the second quarter were $841 million for an increase of 3% compared to Q3 2015.
Net income was $132…
October 19th, 2016
2016 edition of VMworld US has been quite turbulent, on the other hand during VMworld Europe, happening these days in Barcelona, the company announced a few more products for the…
October 18th, 2016
Log Insight is a log aggregation, management and analisys tool, that VMware first introduced in 2013 and now is usually compared with Splunk.
Yesterday VMware announced Log Insight’s new major…
October 13th, 2016
Yesterday Microsoft announced the general availability of Windows Server 2016 which the company defines as a cloud-ready OS.
Beside fancy definitions, one of the most relevant perks of this release…
September 22nd, 2016
During Oracle OpenWorld 2016 the company released version 3.4.2 of its enterprise virtualization solution.
Oracle VM is available for both x86 and SPARC based processor architectures and uses the Xen hypervisor…
September 1st, 2016
Today was the last day of VMware’s flagship conference VMworld in Las Vegas, an highly controversial edition which left a good chunk of the audience disoriented if not properly disappointed….
August 11th, 2016
Last week Gartner updated its Magic Quadrant for Cloud Infrastructure as a Service (IaaS) for the year 2016. The Magic Quadrant for the year 2015 was released in May last year…
August 2nd, 2016
Ansible is one of the four main players in the automation market, younger then the well known Chef and Puppet, has been launched in 2013 in Durham, N.C. and acquired…
July 19th, 2016
Yesterday IBM announced its results for Q2 2016.
If we compare with the same quarter in 2015 earnings per share, from continuing operations, decreased 22%. Net income, from continuing operations,…
Copyright © 2003-2017 virtualization.info. All rights reserved.