VMware warns about ESX source code public posting

Posted by Massimo Ferrari   |   Wednesday, April 25th, 2012   |  

Yesterday Iain Mulholland, Director of VMware Security Response Center, posted a VMware Security Note on Power of Partnership and VMware Security & Compliance official blogs.

Mulholland announced the public posting, on April 23, of a single file, containing VMware ESX source code and commentary from the period between 2003 and 2004.

The company has not officially reported which products could be compromised from this code leak or who might be the origin of the publication.

Due to ESX complexity what is clear is that the level of risk is directly related to what kind of information are contained in the published code.

If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal. However, if the code contains some of the more proprietary stuff, then it is a potential security risk — as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalize on it.

Said Chris Ward, vice president of consulting and Integration at Greenpages, as crn.com reports.

Yesterday, April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.

The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available.



blog comments powered by Disqus


virtualization.info Newest articles
Citrix acquires Virtual

September 18th, 2014

Citrix yesterday announced that it has acquired Virtual. Virtual provides a virtualization platform for iOS and Android which is cloud based. Virtual provides a solution for testing applications without the…

Will HP buy VMware from EMC?

September 17th, 2014

Last week the New York times published an article titled: “EMC explores selling stake in VMware“. While the news that EMC is exploring selling VMware is not new though. Paul…

Docker raises $40 million in series C funding

September 17th, 2014

After raising $15 million in Series B funding in January this year, Docker has announced that it has raised $40 million in Series C funding. Docker states that it will…

Release: VMware Mirage 5.1

September 17th, 2014

VMware has released version 5.1 of its centralized image management for Windows desktops: Mirage.
VMware Mirage is also part of the Horizon Suite, VMware’s end user computing suite that includes…

Release: Proxmox VE 3.3

September 16th, 2014

Proxmox Virtual Environment (VE) is an open source virtualization management solution that leverages KVM technologies.
Yesterday Proxmox Server Solutions GmbH announced the release of version 3.3 of its product that…

Convirture opens a UK based office to explore EMEA market

September 15th, 2014

Convirture the company, founded in 2006 that provides an open source management console to manage virtualization platforms,  announced to have opened a UK- based office which will help the company…

Release: VMware ThinApp 5.1

September 12th, 2014

VMware has released version 5.1 of its application virtualization product ThinApp. Version 5.1 is the follow up of version 5.0 which was released in November last year. The update provides…

Brian Stevens former Red Hat CTO joins Google as VP of Cloud Platforms

September 12th, 2014

Two weeks ago we were wondering about Brian Stevens, who resigned as Red Hat’s CTO, asking ourselves if this could be seen as a “tremendous opportunity” for both.
Red Hat…

HP Acquires Eucalyptus

September 12th, 2014

Yesterday HP announced to have reached a definitive agreement to acquire Eucalyptus, provider of an open source Cloud Solution competing with OpenStack, CloudStack and OpenNebula.
This acquisition will put…

Release: VMware ESXi and vCenter Server 5.5 Update 2

September 12th, 2014

This week VMware released version 5.5 Update 2 of two of its flagship products, ESXi and vCenter Server, updates that were announced at VMworld 2014 in San Francisco.
Among the…

Release: Red Hat Satellite 6

September 11th, 2014

Satellite is Red Hat’s server life-cycle management based on the community project Spacewalk, it basically provides provision, patch, configuration and subscription management across Red Hat’s ecosystem.
Yesterday the Raleigh company…

Release: Oracle VM VirtualBox 4.3.16

September 11th, 2014

Oracle has released a new version of its virtualization platform VM Virtualbox. Version 4.3.16 is considered a maintenance release which can be installed on top of version 4.3. The update…

Microsoft releases limited preview of Migration Accelerator for Azure

September 8th, 2014

Microsoft last week announced a limited preview of Migration Accelerator (MA) for Azure. MA can seamlessly migrate physical, VMware, Amazon Web Services (AWS) and Hyper-V workloads into Azure, automating discovery…

Amazon CFO will retire in summer 2015

September 5th, 2014

On September 3, Amazon announced that Chief Financial Officer Thomas Szkutak plans to retire in June 2015 after about 13 years in the business, beginning in October 2002, where he…

 
Monthly Archive