Potential security breach of europa.uio.no

Due to the security flaw presented in CVE-2017-6074 there is the possibility that europa.uio.no (also known as login.math.uio.no) was compromised at some point before Friday the 24th of February, 2017.

CVE-2017-6074 describes a security flaw in the Linux kernel that could be used to escalate one's privileges. This flaw requires the kernel module "dccp" to be loaded, a module that was loaded on the machine in question. There are perfectly legitimate reasons as to why this module may have been loaded, but as this machine is our primary login server and as someone with access to the root account on this machine may gain access to both user data and research data stored at the department, the machine was immediately wiped and reinstalled. This process has no effect on user files or research data stored at the department.

A select few users may also have been compromised. Those users have received an email specifically about the incident. 

Published Feb. 24, 2017 6:17 PM - Last modified Feb. 24, 2017 6:25 PM