VMware yesterday confirmed a single file from its ESX server hypervisor source code has been posted online, and it held out the possibility that more proprietary files could be leaked in the future.
In a tersely worded blog post, Iain Mulholland, director of VMware's Security Response Centre, said the posted ESX code and associated commentary was created between 2003 and 2004.
Mulholland did not provide additional details on the leaked code but said VMware customers aren't necessarily at risk.
Given the large number of service providers that run vSphere, security issues in ESX could potentially have a broad and widespread impact, according to security researchers.
"A serious zero day to the hypervisor could be disastrous to a lot of customers," said Andrew Plato, president of solution provider Anitian Enterprise Security.
Chris Ward, vice president of consulting and integration at solution provider Greenpages, said the potential risks to VMware and its customers depend on what type of ESX code has been compromised.
"If the code leaked was more service console level, versus the hypervisor or virtual machine manager (VMM) level code, then this is probably no big deal," Ward said.
"However, if the code contains some of the more proprietary stuff, then it is a potential security risk -- as well as a competitive risk if someone like Oracle, Red Hat, or Microsoft can capitalise on it."
VMware says it is looking into the matter and will be canvassing its industry partners and developers in order to determine the source of the breach.
"VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualisation ecosystem today," Mulholland said in the blog post. "We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Centre, to thoroughly investigate."
The ESX hypervisor has helped VMware take a dominant position in the server virtualisation market. In 2008, VMware introduced a smaller, streamlined version of ESX -- called ESXi -- which is embedded in server motherboards.
VMware began using ESXi as its primary hypervisor in vSphere 5, in which it enables key features such as automatic deployment of hosts.
This article originally appeared at crn.com
Issue: 316 | July 2013
Access CRN's extensive online resources including; email bulletins, community discussions and unique online news.
Processing registration... Please wait.
This process can take up to a minute to complete.
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can log on to the CRN website or start posting comments on articles.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain '@crn.com.au' to your white-listed senders.