CVE-2005-2748
The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.
Date published : 2005-10-25
http://lists.apple.com/archives/security-announce/2005/Sep/msg00002.html