bindsock in Lotus Domino 5.07 on Solaris allows local users to create arbitrary files via a symlink attack on temporary files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/8586
http://www.securityfocus.com/bid/4318
http://www.esecurityonline.com/advisories/eSO4125.asp
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21095671