More VMware ESX source code posted online


VMware ESX source code was leaked onto the Internet over the weekend, which was confirmed by the virtualization giant on Sunday. The latest source code exposed portions of its hypervisors from 1998 to 2004, and is related to code posted in April and May.

The hacker who tweeted the link to the torrent site containing the 2MB source code accused VMware of being deceptive and producing low quality software. Noting that VMware will attempt to downplay the severity, he wrote "but as we all know, kernels don't change that much in programs, they get extended or adapted but some core functionality still stays the same."

In a blog post, Iain Mulholland--who is the director of platform security at VMware--urged customers to apply the latest product updates and security patches available for their environment. In addition, he also asked that customers review the security hardening guides here--similar advice that Mulholland gave when the first batches of ESX source code were first posted online.

Mulholland said, "By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected." VMware is currently investigating, and "It is possible that more related files will be posted in the future."

For more:
- check out this article at Threatpost

Related Articles:
Stolen VMware source code from '2003 to 2004 timeframe'
Vulnerable open-source code components in business software

Filed Under