CVE-2005-2713
passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.
Date published : 2006-03-02
http://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html