It appears that NFS server and/or client and/or MOUNTD has a security bug which allows an intruder to add shell accounts to the /etc/passwd file. We had an attemted breakin stopped only after the intruder tripped certain security measures installed on the machine, but AFTER successfull unauthorized login. The NFS server was installed and running even though NOTHING was shared through the NFS. If you need more info on the subject, please contact Alex Tsekhansky @ atsekhan If this is a known bug, I would appreciate the info on the fix.
upgrade to the latest nfs-* from the errata.