On December 2001 I reported a bug in rshd and rexecd to Red Hat. Basically, rshd and rexecd failed to change to user's home directory if it is mounted by NFS because chdir(2) syscall was performed before setuid(2) and user running rshd or rexecd (i.e. root) becomes nobody in NFS mounts (this is a common scenario). On September 2002 I reported the same bug to Inetutils, which implements a different (and probably more updated) version of rshd and rexecd.
Inetutils 1.4.2 was released on January 2003, and it included the fixes I suggested for rshd and rexecd. Since I found the new release of Inetutils last week, I downloaded the latest rsh RPM from Red Hat Linux 9 to check if it was still unpatched (my first report was on Red Hat Linux 7.0). It was, so I got back to Red Hat Bugzilla and added a comment. This time I was luckier and yesterday my patches were finally added into rsh-0.17-17, which should be publicly released soon.