A hacker broke into my freshly installed Red Hat 6.2 system using this exploit. The message logged in /var/log/messages was:

rpc.statd[331]: SM_MON request for hostname containing '/':

Following the colon was the data he used to alter the return address of the call and execute the bits to put an entry into inetd.conf to allow a shell to run, etc. Usual story. I don't think I should responsibly post that data here. I probably can't anyway because some of the characters aren't printable here. Looks like a buffer overflow problem. Sorry if I've posted this in the wrong category but I can't find one for it.
Component for rpc.statd appears to be knfsd-clients ...
Did you have http://www.redhat.com/support/errata/RHSA-2000-043-03.html actually installed?
I didn't at the time but I do now. They've since tried to get in again via the same route and they can't so that's solved the problem. Cheers :)
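A triage sketch for the log entry described in this report, added here as an example and not part of the original thread: it finds rpc.statd SM_MON rejections in syslog lines and flags those whose trailing data contains non-printable bytes or is implausibly long for a hostname. The sample lines, the 255-byte cut-off and the function names are assumptions.

```python
import re

# Message text as quoted in the report; whatever follows the last colon is
# the client-supplied "hostname" that rpc.statd rejected.
PATTERN = re.compile(
    rb"rpc\.statd\[(?P<pid>\d+)\]: SM_MON request for hostname "
    rb"containing '/': ?(?P<data>.*)$"
)
MAX_NAME = 255  # assumed cut-off: longer than any legitimate hostname


def escape(data):
    """Render bytes so control/high bytes never reach the terminal raw."""
    return "".join(chr(b) if 0x20 <= b < 0x7F else "\\x%02x" % b for b in data)


def scan(lines):
    """Return one finding per rpc.statd SM_MON rejection in `lines` (bytes)."""
    findings = []
    for lineno, raw in enumerate(lines, 1):
        m = PATTERN.search(raw.rstrip(b"\r\n"))
        if m is None:
            continue
        data = m.group("data")
        nonprint = sum(1 for b in data if not 0x20 <= b < 0x7F)
        findings.append({
            "line": lineno,
            "pid": int(m.group("pid")),
            "length": len(data),
            "nonprintable": nonprint,
            "suspicious": nonprint > 0 or len(data) > MAX_NAME,
            "data": escape(data),
        })
    return findings


# Constructed sample lines (not taken from the report; harmless filler bytes).
SAMPLE = [
    b"Aug 12 03:14:07 box rpc.statd[331]: SM_MON request for hostname "
    b"containing '/': \x01\x02\xfe\xffAAAA/filler\n",
    b"Aug 12 03:15:00 box inetd[402]: unrelated constructed line\n",
    b"Aug 12 04:00:10 box rpc.statd[331]: SM_MON request for hostname "
    b"containing '/': nfs/client1\n",
]

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(finding)
```

To run it against a real log, open /var/log/messages in binary mode (`open(path, "rb")`) and pass the file object to `scan()`.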