ml85p, as included in the printer-drivers package for Mandrake Linux, allows local users to overwrite arbitrary files via a symlink attack on temporary files with predictable filenames of the form "mlg85p%d".
http://www.securitytracker.com/id?1005959
http://www.securityfocus.com/archive/1/307608/30/26270/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2003:010
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0029.html