Security problem
Hello,
At our school our system administrator (who is very good) was
running Red Hat 5.1 and someone broke in and got root privileges.
Since he had written a Lan watch, we think we know how it happened.
The Lan Watch showed someone from Israel sending a very long
packet to mountd. Shortly after, two names were added to
the password file with user id 0. We suspect that
/etc was NFS mounted with write permission. Afterwards
there were logins from the two added names and rsh was changed.
Is Debian vulnerable? Unfortunately, I haven't progressed
to the stage where I am comfortable looking at code.
King