chpass in OpenBSD 2.0 through 3.2 allows local users to read portions of arbitrary files via a hard link attack on a temporary file used to store user database information.
https://exchange.xforce.ibmcloud.com/vulnerabilities/11233
http://www.securitytracker.com/id?1006035
http://www.securityfocus.com/bid/6748
http://www.securityfocus.com/archive/1/309962