OpenSSH version 2.9 and previous versions, with X forwarding enabled, allows a local malicious user to delete any file named 'cookies' via a symlink attack.
openbsd openssh