VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Release: Splunk App for VMware 3.1

April 17th, 2014

On April 15 Splunk announced the availability of Splunk App for VMware 3.1, the system that is competing with VMware Log Insight solution to provide administrators with a real-time…

Release: Ubuntu 14.04 LTS

April 15th, 2014

Today Canonical announced the new Ubuntu Linux 14.04 LTS with a press release intriguingly focused on its role as an OpenStack platform.
This release, that will be available on…

VMware introduces vCloud Hybrid Service – Disaster Recovery

April 15th, 2014

VMware vCloud Hybrid Service (vCHS) is the VMware’s owned and operated public Infrastructure as a Service (IaaS) platform, launched in 2013 in the US and extended to Europe in February…

Paper: 3D Graphics for Virtual Desktops Smackdown

April 11th, 2014

PQR, a dutch technology company has released a paper titled:"3D Graphics for Virtual Desktops Smackdown". The paper which contains 139 pages is written by virtualization experts, Benny Tritsch, Ruben Spruijt,…

Microsoft releases preview of Microsoft Azure Automation

April 10th, 2014

Microsoft has announced the release of a preview of Azure Automation. Azure Automation provides an orchestration engine for use within Microsoft Azure. Azure Automation allows you to automate the creation,…

Release: Citrix XenClient 5.1

April 10th, 2014

Citrix has released version 5.1 of its client hypervisor XenClient. XenClient consists of two technologies, the XenClient, which is a type-1 client hypervisor running on selected hardware and the XenClient…

Release: Microsoft Virtual Machine Converter 2.0

April 10th, 2014

In October 2012 Microsoft released version 1.0 of its Virtual Machine Converter tool (MVMC) allowing the conversion of VMware based virtual machines (VM’s) to Hyper-V based VM’s and virtual hard…

Paper: What’s New in VMware vSphere 5.5 Networking

April 9th, 2014

VMware vSpere 5.5 was released in September 2013 and introduced a couple of improvements to the networking capabilities of the vSphere platform.
These enhancements could be resumed as follows:

More…

VMware announces Horizon 6, adding Server Based Computing as a solution

April 9th, 2014

VMware today announced the release of version 6 of its end user computing suite: Horizon.
Starting with this version VMware not only provides a Virtual Desktop Infrastructure (VDI) solution based…

VMware elects Paul Sagan in the board of directors

April 8th, 2014

Yesterday VMware announced that David Goulden, CEO of EMC Information Infrastructure and CFO of EMC, has left the board of directors.
Goulden will be replaced by Paul Sagan, former Akamai’s…

VMware announces Q1 vExperts 2014

April 2nd, 2014

VMware vExpert is the program, started in 2009, that “rewards” the individuals who has been recognized as active contributors of the community that rotates around the VMware ecosystem.
The program…

Red Hat releases beta of Enterprise Virtualization version 3.4

April 1st, 2014

Red Hat has released a beta for an upcoming release of Red Hat Enterprise Virtualization (RHEV) platform version 3.4. Red Hat Enterprise Virtualization (RHEV) is Red Hats virtualization platform based…

Release: VMware vCenter Log Insight 2.0-beta

March 27th, 2014

Log Insight is VMware’s product for log aggregation, management and analysis. Introduced in June 2013, Log Insight is kept updated with a fast pace in order to be competitive on…

Release: Citrix XenApp 7.5 and XenDesktop 7.5

March 26th, 2014

In January Citrix announced the upcoming 7.5 version of its Virtual Desktop Infrastructure (VDI) product XenDesktop and desktop and virtualization product XenApp. At that time especially the fact that the…

 
Monthly Archive