VMWare ESX Source Code Leaked On The Internet

Use Netsparker


Another big source code leak, this time VMWare ESX, software which I’m sure most of the readers here have used at some point (I know I have).

There was a time back in 2006 when VMWare Rootkits seemed like they might be the next big thing, but nothing much ever came out of it.

VMware is playing it down, but I think this is a fairly serious leak – we all know what happens when the bad guys get access to source code – they find lovely new 0day bugs to play with.

VMware has confirmed that the source code for old versions of its ESX technology was leaked by hackers over the weekend – but played down the significance of the spill.

The virtualisation giant said on Sunday that the exposed portions of its hypervisor date back to 2004, and the leak follows the disclosure of VMware source code in April.

“It is possible that more related files will be posted in the future,” Iain Mulholland, VMware’s director of platform security, explained. “We take customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate.”

Mulholland said customers who apply the latest product updates and patches, in addition to following system hardening guidelines, ought to be protected against attacks developed in the wake of the code leak.

“By applying the combination of the most current product updates and the relevant security patches, we believe our customer environments will be best protected,” he said.

A 2MB compressed archive of the software blueprints was uploaded into file-sharing networks and promoted by various tweeters on Sunday. Some of these tweets, posted with the hashtags #Anonymous #AntiSec and #SourcySleazySundays, claimed that the leaked code was the “full VMware ESX Server Kernel”.

Some of the people posting the code were hash-tagging with Anonymous – but there’s been no ‘official’ announcement from any of the Anonymous channels so I doubt it’s really related.

As usual VMWare are saying if you’re using the latest patched version and have applied the ‘hardening measures’ you will be safe. I’d except something nasty to come out of this within the next month or so.


A person going by the name of Stun, who made the source code available, wrote: “It is the VMKernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same.”

The previous VMWare source code leak was accompanied by the publication of the company’s internal emails via Pastebin by someone called Hardcore Charlie. The Anonymous-affiliated hacker claimed the information came from China National Electronics Import and Export (CEIEC), an engineering and electronics company outfit.

VMware said at the time that customers were not necessarily at greater risk as as result of the leak.

Hacktivists, to say nothing of state-sponsored cyber-espionage, have increased the threat of intellectual property theft for high-tech firms. The VMWare case is not unprecedented.

Earlier this year Symantec admitted source code for the 2006-era versions of the following products had been exposed: Norton Antivirus Corporate Edition; Norton Internet Security; Norton SystemWorks (Norton Utilities and Norton GoBack); and pcAnywhere. The security biz took the highly unusual step of advising customers of pcAnywhere to suspend use of the older versions of remote control desktop management software pending the release of a patch, which arrived within days of the warning.

An Indian hacktivist crew called the Lords of Dharmaraja claimed they lifted Symantec’s source code from systems belonging to the Indian government.

One upside is it’s only the kernel, and it is 8 years old (the kernel is from 1998-2004) – but then again the kernel does provide key functionality and kernels don’t change that much. There have been some major leaks of source code in the last couple of years including Symantec and Kaspersky.

Intellectual Property theft from large corporations is becoming a big thing and a very tasty target for hacktivists as source code and development systems don’t tend to be as highly secure as those containing say financial records or purchase transactions.

Source: The Register

Posted in: Legal Issues, Privacy, Secure Coding


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


Comments are closed.