In a recent blog post, VMware director of platform security Iain Mulholland acknowledged that old VMware ESX source code from 2004 has been posted online. “It is possible that more related files will be posted in the future,” he wrote. “We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.”
“The source code download is almost 2MB in size and was posted early Sunday morning,” writes Threatpost’s Michael Mimoso.
“The code dump was publicised by a hacker called ‘Stun’ in a Tweet on Sunday, and uploaded to the 1337X torrent site,” writes SC Magazine’s Tom Espiner. “‘It is the VMkernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same,’ said Stun in text accompanying the dump.”
“VMware ESX Server is [a] virtualization software suite designed for enterprise environments,” writes ZDNet’s Zack Whittaker. “VMware states that ESX Server runs on ‘bare-metal’ servers without the need of a third-party operating system. ESX instead runs off its own kernel — the core of the software that has been leaked today — unlike other software that requires Windows, Mac, or Linux to operate on.”
“[A] previous VMware source code leak was accompanied by the publication of the company’s internal emails via Pastebin by someone called Hardcore Charlie,” writes The Register’s John Leyden. “The Anonymous-affiliated hacker claimed the information came from China National Electronics Import and Export (CEIEC), an engineering and electronics company outfit. VMware said at the time that customers were not necessarily at greater risk as a result of the leak.”