Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
https://exchange.xforce.ibmcloud.com/vulnerabilities/38812
https://bugs.gentoo.org/show_bug.cgi?id=201022
http://www.zsh.org/mla/workers/2007/msg01066.html
http://www.zsh.org/mla/workers/2007/msg01065.html
http://www.zsh.org/mla/workers/2007/msg01060.html
http://www.securityfocus.com/bid/26674