VMware's ESX hypervisor source code leak may stem from an attack on a Chinese import-export firm last month in which an anonymous hacker claims to have made off with more than one terabyte of confidential documents.
On Tuesday, Kaspersky Lab's Threatpost blog reported the details of its recent IRC conversation with "Hardcore Charlie," the anonymous hacker who posted the purported VMware ESX source code online on April 8.
Hardcore Charlie claims to have obtained the VMware ESX source code after breaching the corporate network of the China National Electronics Import-Export Corporation (CEIEC), a Beijing-based firm.
He also broke into and stole documents from the networks of China North Industries Corporation (Norinco), WanBao Mining Ltd, Ivanho and PetroVietnam, according to the Threatpost report.
VMware could not be reached for comment.
In a security bulletin issued earlier on Tuesday, VMware warned that a single file from its ESX server hypervisor source code had been posted online and said it is possible that more proprietary files could be leaked.
The leaked ESX code is from the 2003 to 2004 period. Security experts told CRN the potential impact of the breach depends on how much VMware has changed the code base since then.
VMware said it shares source code with industry partners, and other vendors, including Cisco, have had source code leaks in the past without problems, said Charlie Winckless, senior security architect at Presidio Networked Solutions.
Still, a zero-day vulnerability in ESX could pose significant problems for VMware and the legions of cloud service providers whose infrastructure runs on the hypervisor. Winckless said the availability of ESX source code could give hackers a better chance to find undiscovered vulnerabilities.
"How serious this exposure is depends on the level of code audit performed," Winckless said. "There almost certainly will be some bugs and issues exposed, but it's far from certain that they are exploitable."
VMware spends a lot of effort guarding against the disaster scenario of attackers compromising multiple virtual servers on a single piece of hardware, which makes it less likely that such an attack could stem from the leaked source code, according to Winckless.
"I'd assume that any issues found will be less serious and mostly on customers who haven't upgraded to later versions," he said.
This article originally appeared at crn.com
Issue: 315 | May 2013