
Other local exploits

Suid programs aren't the only way local exploits can occur. Another fairly common occurrence is /tmp race conditions, or predictable filenames. This is where a user creates a specially named file in /tmp which some process running as root then uses instead of the file it's supposed to. This is particularly relevant to cron jobs. When scripting these, be careful that if they use files in /tmp they either use a truly unpredictable name or check the ownership of the file they are using.

Another bug is with symlinks. If a user symlinks /tmp/foo to /etc/passwd and a root process then tries to create and write to /tmp/foo, /etc/passwd may be overwritten!
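The precautions described above for /tmp files and symlinks, as an added example that is not part of the original page. The function names and the `cronjob` prefix are made up for illustration, and it assumes the `mktemp` utility is installed.

```shell
#!/bin/sh
# Added example (not from the original page): scratch-file handling for a
# script run by root from cron. The "cronjob" prefix is a constructed name.

# Create a private work directory with an unpredictable name. mktemp -d
# creates it atomically with mode 0700 and fails rather than reuse an
# existing name, so no other user can pre-create it or plant a symlink in it.
make_workdir() {
    mktemp -d "${TMPDIR:-/tmp}/cronjob.XXXXXXXXXX"
}

# Succeed only if $1 is a regular file, is not a symlink, and is owned by
# the user running the script. Use this for files the script did not create.
safe_to_use() {
    [ ! -L "$1" ] && [ -f "$1" ] && [ -O "$1" ]
}

# Write stdin to $1 only if the name does not exist yet. With noclobber
# (set -C) the shell refuses to write through an existing file or symlink.
write_new() {
    ( set -C; cat > "$1" ) 2>/dev/null
}

# Self-contained demonstration in a sandbox directory (constructed data).
demo() {
    box=$(make_workdir) || return 1
    echo "root:x:0:0" > "$box/passwd.copy"      # stands in for /etc/passwd
    ln -s "$box/passwd.copy" "$box/foo"         # the pre-existing symlink

    safe_to_use "$box/foo" && echo "foo accepted" || echo "foo rejected"
    echo "scratch data" | write_new "$box/foo" || echo "write refused"
    cat "$box/passwd.copy"                      # still the original line

    rm -rf "$box"
}

demo
```

Files created inside the directory returned by `make_workdir` can use fixed names, because only the script's own user can create entries there.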

A local exploit can also be created by leaving a file with the wrong permissions set.



Stephen White
2001-01-16