Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp.
http://www.securityfocus.com/bid/2748
http://www.securityfocus.com/bid/2741
http://archives.neohapsis.com/archives/bugtraq/2001-05/0184.html