VMware warns about ESX source code public posting

Posted by Massimo Ferrari | Wednesday, April 25th, 2012

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on the official Power of Partnership and VMware Security & Compliance blogs.

Mulholland announced the public posting, on April 23, of a single file containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised by this code leak or who might be behind the publication.

Given the complexity of ESX, what is clear is that the level of risk depends directly on what kind of information is contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

So said Chris Ward, vice president of consulting and integration at Greenpages, as reported by crn.com.

The VMware Security Note reads:

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.


