VMware warns of ESX source code leak

VMware has confirmed that source code files for an old version of its ESX virtualisation platform has been leaked online.

A download link to the files, which VMware says date back to 2004, was posted on Twitter yesterday by Anonymous-affiliated ‘hacker’ Stun.

"VMware will try to make like this Kernel is old and isn’t used in its recent products," Stun wrote. "It is the VMKernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same."

Another file from the ESX source code was leaked in April. At the time VMware said that it did not necessarily "mean that there is any increased risk to VMware customers."

This time, the company advised customers to "apply the latest product updates and security patches".

"By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected," wrote Iain Mulholland, VMware’s director of platform security, on the company’s security blog.

Mulholland added that it "is possible that more related files will be posted in the future".

Stun, the hacker claiming responsibility for this leak, also claimed to have leaked the source code for Symantec’s Norton Utilites 2006 desktop security software.

Hardcore Charlie, the hacker who leaked the previous source code file, claimed to have stolen it from the China Electronics Import & Export Corporation (CEIEC) in March. CEIEC described the claim as "totally groundless, highly subjective and defamatory".

Avatar photo

Ben Rossi

Ben was Vitesse Media's editorial director, leading content creation and editorial strategy across all Vitesse products, including its market-leading B2B and consumer magazines, websites, research and...

Related Topics