CVE 2006-4248
thttpd on Debian GNU/Linux, and possibly other distributions, allows local users to create or touch arbitrary files via a symlink attack on the start_thttpd temporary file.
See the
CVE page on Mitre.org
for more details.