Page MenuHomePhabricator

MediaWiki-Vagrant complains about insecure NIC setting
Open, Needs TriagePublic

Description

vagrant up gives this:

==> default: Vagrant has detected a configuration issue which exposes a
==> default: vulnerability with the installed version of VirtualBox. The
==> default: current guest is configured to use an E1000 NIC type for a
==> default: network adapter which is vulnerable in this version of VirtualBox.
==> default: Ensure the guest is trusted to use this configuration or update
==> default: the NIC type using one of the methods below:
==> default: 
==> default:   https://www.vagrantup.com/docs/virtualbox/configuration.html#default-nic-type
==> default:   https://www.vagrantup.com/docs/virtualbox/networking.html#virtualbox-nic-type

Works otherwise, but annoying.

The links recomment changing the default_nic_type property of the Vagrant provider, or the nic_type property of the network.

Per vagrant#10481, Virtualbox versions less than 5.2.22 are vulnerable. Ubuntu 18.04 is at 5.2.18 now.

More information on the security issue: https://developers.slashdot.org/story/18/11/10/1739206/disgruntled-security-researcher-publishes-major-virtualbox-0-day-exploit

Event Timeline

Tgr created this task.Mar 21 2019, 6:38 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 21 2019, 6:38 PM
Tgr updated the task description. (Show Details)Mar 21 2019, 6:38 PM
Tgr updated the task description. (Show Details)
Tgr updated the task description. (Show Details)Mar 21 2019, 6:47 PM
Tgr added a comment.Mar 21 2019, 6:57 PM

Adding a default NIC type as suggested in the links does not seem to do anything. Maybe the vagrant box would have to be rebuilt?
Using a newer version of Virtualbox might not be an easy option since Virtualbox provides its own driver and secure boot requires signed drivers. At least the .deb files downloadable from Oracle do not take care of that.

Tgr updated the task description. (Show Details)Mar 21 2019, 7:00 PM