The user wnn can be a normal system user in RH9, as shown
here. However, if you look closely at the link, everything seems normal (uid,gid,default shell) except that the home directory seems abnormal (/home/wnn vs /var/lib/wnn) which is troublesome.
I believe the user wnn is required for language software that performs network extensible Japanese character conversion (like freewnn). Did you recently install anything like that? If you don't know, try checking your rpm database with:
rpm -qa | grep wnn
or maybe a up2date/yum addition? Check the logs of those in /var/log if you use either one to auto-update software.
Aside from that, have you checked root's .bash_history for anything around that time period that might be informative. Checkout /home/wnn and see what that turns up (esp take a look at wnn's .bash_history as well).
In general, take a close look at your other log files for anything abnormal, look at /etc/passwd for any other abnormal users or users w/ a uid/gid of 0. Take a look at the output of netstat -pantu and lsof -i to see if you have any abnormal services or backdoors listening and take a look at the outout of ps -aux. You could also download and run chkrootkit as well.
By itself, I don't think it's definitive of anything. Could be normal, but it does seem slightly suspicious.