There was a security issue with the default installed configurationof autofs version 5 whereby the entry for the "hosts" map did not specify the "nosuid" mount option. The risk is MEDIUM. A local user with control of a remote nfs server could create a setuid root executable within an exported filesystem on the remote nfs server that, if mounted using the default hosts map, would allow the user to gain root privileges.
More...