VMware virtualisation source code stolen, but impact unclear
Company says it was just one file of old code
By Tim Greene | Network World US | Published: 10:05, 26 April 2012
VMware ESX source code has been stolen and posted online, but the company says its virtualisation platform doesn't necessarily pose an increased risk to customers.
The stolen code amounts to a single file from sometime around 2003 or 2004, the company said.
"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers," according to a blog written by Iain Mulholland, director of the company's Security Response Center.
Related Articles on Techworld
The code was stolen from a Chinese company called China Electronics Import & Export Corporation (CEIEC) during a March breach, according to a posting on the Kaspersky Threat Post blog.
The code along with internal VMware emails were posted online three days ago.
Eric Chiu, president of virtualisation security firm Hytrust, says it's hard to say what VMware customers should do because there's not enough detail about how the exposed code is being used in current products.
In general, though, customers should review the security for virtual environments to address the fact that a compromised hypervisor exposes multiple virtual machines.
While the incident is reminiscent of the breach last year of RSA source code, the circumstances differ. An RSA partner was breached and that breach was used to send a malware-laced email to an RSA staffer who opened it.
In VMware's case, the CEIEC network was hacked and finding the source code was fortuitous.
VMware said: "On April 23, 2012, our security team became aware of the public posting of a single file from the VMware ESX source code and the possibility that more files may be posted in the future. The posted code and associated commentary dates to the 2003 to 2004 timeframe.
"The fact that the source code may have been publicly shared does not necessarily mean that there is any increased risk to VMware customers. VMware proactively shares its source code and interfaces with other industry participants to enable the broad virtualization ecosystem today. We take customer security seriously and have engaged internal and external resources, including our VMware Security Response Center, to thoroughly investigate. We will continue to provide updates to the VMware community if and when additional information is available."