patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
CVSS Metrics
