We suffered a break in that has been traced to an individual on a remote host connecting to several of our RedHat Linux 5.0 and 5.1 Intel-based systems. The connection was via telnet, and it appears in.telnetd was manipulated to give up a root shell. The remote user did not have a legitimate account on any of our systems. Redhat 5.0 Alpha systems in the same lab were not attacked. Several other Intel based Linux systems (both Redhat and Slacware) at other sites on campus were succeessfully attacked at the same time.
Before we can be concerned about a security hole, the machines must be updated to all security errata on updates.redhat.com. If those updates have been applied, then please reopen this bug.