Aspppls for Solaris 8 allows local users to overwrite arbitrary files via a symlink attack on the .asppp.fifo temporary file.
https://exchange.xforce.ibmcloud.com/vulnerabilities/10105
http://www.securityfocus.com/bid/5698
http://www.kb.cert.org/vuls/id/464817