Mac OS X before 10.3 with core files enabled allows local users to overwrite arbitrary files and read core files via a symlink attack on core files that are created with predictable names in the /cores directory.
https://exchange.xforce.ibmcloud.com/vulnerabilities/13542
http://www.securityfocus.com/bid/8917
http://www.securityfocus.com/bid/8914
http://www.atstake.com/research/advisories/2003/a102803-1.txt