For the third time this year, VMware ESX source code has been posted online. A hacker known as Stun claiming to be affiliated with Anonymous tweeted a link to a torrent site hosting the stolen VMkernel source code. VMware director of platform security Iain Mulholland acknowledged the breach on Sunday and confirmed the source code, dating from 1998-2004, is related to code posted in April and May.
The source code download is almost 2MB in size and was posted early Sunday morning.
“VMware will try to make like this Kernel is old and isn’t used in its recent products. But thanks god, there is still such a thing as reverse engineering that will prove its true destiny,” wrote Stun, whose Twitter page said he is from the Netherlands. “Little sidenote about this release, it is the VMKernel from between 1998 and 2004, but as we all know, kernels don’t change that much in programs, they get extended or adapted but some core functionality still stays the same.”
Mulholland said VMware is investigating and urged customers to apply the latest ESX updates and security patches. “It is possible that more related files will be posted in the future,” Mulholland said.
That’s a similar warning to others Mulholland gave in April and May when the first batches of ESX source code was leaked online.
In April, Threatpost reported that the original source of the April leak could be an attack on the China Electronics Import & Export Corporation (CEIEC). An attack on VMware’s source code repository was not ruled out.
Mulholland, in an interview, said the leaked documents in April included internal VMware communications pasted onto CEIEC letterhead and also included email messages discussing code reviews and contextual notes added to the source code repository for developers’ reference.
The ESX architecture is a bare-metal hypervisor that manages virtual machines partitioned on physical hosts. It has since been replaced by ESXi where VMware agents run on the VMkernel.