VMware Confirms Older Hypervisor Source Code Exposed

Friday, April 27, 2012



Virtualization vendor VMware has confirmed the exposure of source code for the firm's VMware ESX server hypervisor product.

The company also believes there is a strong possibility that more proprietary information could be released in the future.

"[On] April 23, 2012 our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe," Iain Mulholland, Director of VMware's Security Response Center stated.

The code was leaked by a hacker using the handle "Hardcore Charlie" along with what appear to be other company documents and internal communications.

The company does not believe the leak of the source code for an older version of the hypervisor product should be of any concern for their customer base.

"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," Mulholland said.

The origin of the source code exposure has not been identified, and given that the company openly shares such material with business partners, the breach likely could have been at a third party.

"VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today," Mulholland explained.

VMware has enlisted specialists to assist in their investigation, and stated that more information on the breach will be provided as it becomes available.

"We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available," Mulholland continued.

Source:  http://blogs.vmware.com/security/2012/04/vmware-security-note.html

Possibly Related Articles:
Virtualization Headlines Network Security VMware vendor hackers breach Source Code Hypervisor
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.