CVE-2006-4396
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.
Date published : 2006-11-30
http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html