VMware ESX Server

VMware ESX Server is the operating system of virtualization which allows to separate the physical computer into the logical partitions called by virtual machines. Includes management tools virtual resources.

In essence represents a hypervisor that means installation before any other operating system. And also imposes a certain set of requirements to the hardware - in particular, existence of support of virtualization from the processor is obligatory. After the ESX Server installation the OS installation bears to like that in VMware Workstation a strong resemblance.

On April 24, 2012 information on leak of the file with the source code of one of the hypervisors of VMware of ESX best today for virtualization of servers was published in the official blog of VMware. Iain Mulholland, the director of VMware Security Response Center, did not exclude a possibility of emergence in the long term and other files in open access. However, the code and comments integrated to it are dated for 2003-2004.

It is remarkable that on the same day information on leakage of 300 MB of the source code of VMware was published in the blog ThreatPost belonging to Kaspersky Lab. The certain hacker known under the alias Hardcore Charlie managed to load it from China Electronics Import-Export Corporation (CEIEC) network – the company acts as the contractor of armed forces of China. A month earlier Hardcore Charlie announced network hacking of CEIEC then it managed to get access to thousands of documents on vnutrikorporatiny servers. Quite perhaps, the source code of VMware is also one of these documents.

There is an impression that representatives of VMware intentionally aim to play down the occurred incident. Leak of the code at all optional imposes any risks on customers – it is said in the blog of the company. Say, software developers traditionally extend between partners separate parts of the source code and specification of interfaces for expansion of the existing ecosystem of applications. Especially, if it is about such quickly developing technology as virtualization. In other words, in leaks there is nothing unusual and from time to time they inevitably happen.

Nevertheless, Ian Mulholland assured that VMware used all available internal and external resources for investigation of an incident. In process of emergence at the disposal of its department of new information he promised to inform of it concerned parties without delay. As Mark Bower considers, the vice president of Voltage Security, an incident with leak of the source code of VMware of ESX is evident confirmation of existence of gaps even in the systems of protection of the large and well-known companies.