www.redhat.com should have listed their security exploits with each release and the packages/patches to fix them....
But if your asking for us to help crack into your friends system, you have the wrong forum, as we will not contribute to any such actions, etc, and a question or thread asking of such actions will be closed immediately.