CVE-2008-3609
The kernel in Apple Mac OS X 10.5 through 10.5.4 does not properly flush cached credentials during recycling (aka purging) of a vnode, which might allow local users to bypass the intended read or write permissions of a file.
Date published : 2008-09-16
http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html