A time-of-check time-of-use (TOCTOU) race condition was found in the way
systemtap runtime tool (staprun) performed module loading. A small time gap
between performing module sanity checks and actual, real loading of the
module into the kernel, was present. A local user, member of the 'stapusr'
group could use this flaw to escalate their privileges.
This issue affects the version of the systemtap package, as shipped with
Red Hat Enterprise Linux 4, 5, and 6.
--
This issue affects the versions of the systemtap package, as shipped with
Fedora release of 14 and 15.