I have a friend who has a machine that has Debian 3.0 (woody). he wasn't updating some of the software as he said debian is relaible. anyway, somebody gain a root access to the machine. he took it off to see how it gets that. I scanned it with nessus and found there were some high risk services without updates such as
send mail ESMTP 8.12.3/Debian-6.6
How would somebody gain access to the machine as root?
thanks for any comments or links.