Hello,

At our school our system administrator (who is very good) was running Red Hat 5.1 and someone broke in and got root privileges. Since he had written a Lan watch, we think we know how it happened.

The Lan Watch showed someone from Israel send a very long packet to mountd. Shortly after, two names were added to the password file with user id 0. We suspect that /etc was NFS mounted with write permission. Afterwards there were logins from the two added names and rsh was changed. Is Debian vulnerable? Unfortunately, I haven't progressed to the stage where I am comfortable looking at code.

King
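Added example, not part of the original message: a Python check for the two file-level signs the message describes, extra user id 0 entries in the password file and a read-write NFS export that covers /etc. The function names and the sample passwd and exports contents are constructed for illustration.

```python
import re

# Constructed sample data (not taken from the incident in the message).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/bin/sh
king:x:1000:1000::/home/king:/bin/bash
added1::0:0::/:/bin/sh
added2::00:0::/:/bin/sh
"""

SAMPLE_EXPORTS = """\
# constructed /etc/exports
/home   192.168.1.0/24(rw,root_squash)
/etc    *(rw,no_root_squash)   # writable to every host
/       lab1(ro)
"""

def extra_uid0_accounts(passwd_text):
    """Return names of accounts other than root whose UID field is 0."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 4:
            continue  # comment or malformed entry
        name, uid = fields[0], fields[2].strip()
        # int() also catches spellings such as "00"
        if uid.isdigit() and int(uid) == 0 and name != "root":
            hits.append(name)
    return hits

def writable_etc_exports(exports_text):
    """Return (path, client) pairs exporting / or /etc read-write."""
    hits = []
    for line in exports_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        path, *clients = line.split()
        if path not in ("/", "/etc"):
            continue
        for spec in clients:
            m = re.fullmatch(r"([^()]*)\((.*)\)", spec)
            opts = m.group(2).split(",") if m else []  # no options: not rw
            if "rw" in opts:
                hits.append((path, m.group(1) or "*"))  # empty host = any
    return hits

if __name__ == "__main__":
    print(extra_uid0_accounts(SAMPLE_PASSWD), writable_etc_exports(SAMPLE_EXPORTS))
```

To audit a live system, pass the contents of /etc/passwd and /etc/exports to the two functions instead of the sample strings.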