The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonstrated by deleting a file under .reiserfs_priv/xattrs/.
http://marc.info/?l=linux-kernel&m=127076012022155&w=2
https://bugzilla.redhat.com/show_bug.cgi?id=568041
http://secunia.com/advisories/39316