[oldlurker]

To recap part of the old thread:

Shutting down ports will not help because the exploit is an buffer overflow inside the world or zone binaries.
Such an buffer overflow might allow the attacker to gain higher privileges inside the binary or even execute commands on the host system.

Normally the first step after such an attack is to get an trojan package from a remote site and execute it on the host system. This trojan will look for other exploitable holes on the system to gain superuser privileges and hide itself from detection.

Sad thing is most Linux systems are as vulnerable for these 'local root exploits' as the average windows system because not many people give a thought about securing their server or installing security fixes.

Unfortunately just looking around in the sourcecode until we find that exploit could be the proverbial search for a needle in a haystack. There are tools out there that can help with identifying potential security risks in your sourcecode but someone still has to interpret what is harmless and what not.