Hacker leaks VMware ESX kernel source code online

A hacker associated with the Anonymous collective and the 'AntiSec' movement has released VMware's ESX Server kernel source code online, available through torrent networks.
Written by Zack Whittaker, Contributor
VMware ESX Server kernel source code files. Screenshot: ZDNet

Hackers associated with the Anonymous collective have leaked the source code for the VMware ESX Server kernel on the Web.

Dutch hacker, going by the name "Stun," tweeted a link to a torrent file earlier today, which downloads at just shy of 2MB (compressed) in size, which contains a bevy of source code files. The kernel is believed to be dated between 1998 and 2004, but writing in a comment, the hacker said that, "kernels don't change that much in programs, they get extended or adapted but some core functionality still stays the same."


It is understood that this is the same hacker who leaked Symantec's Norton anti-virus source code earlier this year, in which the security software giant admitted that only a "segment" of code had been leaked.

VMware ESX Server is an virtualization software suite designed for enterprise environments. VMware states that ESX Server runs on "bare-metal" servers without the need of a third-party operating system [PDF]. ESX instead runs off its own kernel -- the core of the software that has been leaked today -- unlike other software that requires Windows, Mac, or Linux to operate on.

Earlier this year, another hacker posted fragments of the ESX software online, after he claimed to be in possession of 300MB worth of VMware source code and other internal data from other companies. 

According to Kaspersky at the time, the hacker may have successfully stolen code from China's National Electronics Import and Export Corp. (CEIEC) in March, leading to the data leak. CEIEC denied the claims.

All of the files viewed by ZDNet include the following text at the top of each file:

/* **********************************************************
* Copyright 1998 VMware, Inc. All rights reserved. -- VMware Confidential
* **********************************************************/

We are unable to publish any fragments of the source code for legal and copyright reasons.

Alongside this, a VMware blog post published earlier today confirmed that the company's security team was made aware of the VMware ESX source code leak today, and noted that today's release dates back to the source code fragments published earlier this year in April.

VMware platform security director Iain Mulholland warned that "more related files will be posted in the future" and the firm takes "customer security seriously and have engaged our VMware Security Response Center to thoroughly investigate."

The virtualization giant encourages users to update their products with the latest product updates and security patches, should the source code be used by malware writers to attack the platform.

Editorial standards