Tracking the "Crusader Spammer"

Some more info from the admins at u-strasbg.fr...


The sites attacked during last weekend (Saturday and Sunday) in Strasbourg, France, are SUN/OS stations in our astronomical institute (cdsxb6.u-strasbg.fr, astro.u-strasbg.fr or cdsxba.u-strasbg.fr). These machines are pretty visible on the network as we manage an international data center, including ftp and web site. Apparently the hacker used a hole in the "sendmail" on these machines to enter the system and gain "root" privileges. National and international computer security organizations (including CERT) have been immediately informed, a complaint has been lodged, and the French security agency (DST) is working on the problem, in collaboration with the FBI. We have partial copies of the list of addresses used, and they are being analysed. Two days later the same problem arose in ESO computers in Garching, Germany. ESO is an international organization (European Southern Observatory) with which we are closely collaborating and the hacker obviously benefited from rhosts connections existing between our two networks of workstations.
Email: lan@panix.com