The mount_smbfs (http://developer.apple.com/documentation/Darwin/Reference/ManPages/man8/mount_smbfs.8.html) utility is "used to mount a remote SMB share locally. It is installed set-uid root, so as to allow unprivileged users to mount shares, and is present in a default installation on both the Server and Desktop versions of Mac OS X". Local exploitation of a stack based buffer overflow vulnerability in Apple Inc.'s Mac OS X mount_smbfs utility could allow an attacker to execute arbitrary code with root privileges.

http://www.securiteam.com/unixfocus/6J00Q00KKA.html