Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions.
http://www.securityfocus.com/bid/7412
http://www.bugzilla.org/security/2.16.2/
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000653