A time-of-check time-of-use (TOCTOU) race condition was found in the way the systemtap runtime tool (staprun) performed module loading. A small time gap was present between performing module sanity checks and the actual loading of the module into the kernel. A local user who is a member of the 'stapusr' group could use this flaw to escalate their privileges.
Created attachment 509875: read instead of mmap to load modules
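The check-then-load gap described in the report, and the approach the attachment title names (reading the module into a private copy instead of mapping the file), as an added C example. This is not staprun's code and not the patch from attachment 509875. The point it shows: a file-backed mmap can reflect writes made to the file after the sanity check ran, whereas bytes read once into a heap buffer cannot change, so the check and the load operate on the same image. The ELF-magic check, the 64 MiB size cap, the temp-file helper and the demo wrappers are constructed for the example; the privileged init_module(2) call is left as a comment because it is not needed to show the pattern.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <fcntl.h>
#include <unistd.h>
#include <sys/stat.h>

/* Example assumption: upper bound on an acceptable module image. */
#define MAX_MODULE_BYTES ((size_t)64 * 1024 * 1024)

/* Open the path once and copy the whole file into a private heap buffer.
 * From here on nothing touches the path or a mapping of it again, so a
 * writer to the file cannot swap the content between check and load. */
unsigned char *read_module_image(const char *path, size_t *out_len)
{
    if (!path) return NULL;
    int fd = open(path, O_RDONLY);
    if (fd < 0) return NULL;

    struct stat st;
    if (fstat(fd, &st) < 0 || !S_ISREG(st.st_mode) || st.st_size <= 0 ||
        (size_t)st.st_size > MAX_MODULE_BYTES) {
        close(fd);
        return NULL;
    }
    size_t len = (size_t)st.st_size;
    unsigned char *buf = malloc(len);
    if (!buf) { close(fd); return NULL; }

    size_t got = 0;
    while (got < len) {
        ssize_t n = read(fd, buf + got, len - got);
        if (n < 0 && errno == EINTR) continue;
        if (n <= 0) break;          /* read error, or the file shrank: refuse */
        got += (size_t)n;
    }
    close(fd);
    if (got != len) { free(buf); return NULL; }
    *out_len = len;
    return buf;
}

/* Sanity check run on the private copy. Constructed, minimal: ELF magic only. */
int module_image_looks_valid(const unsigned char *buf, size_t len)
{
    static const unsigned char elf_magic[4] = { 0x7f, 'E', 'L', 'F' };
    return len >= sizeof elf_magic && memcmp(buf, elf_magic, sizeof elf_magic) == 0;
}

/* Check and load from the same bytes. Returns 1 when the image would be
 * handed to the kernel, 0 when it is refused. init_module(2) takes an
 * in-memory image, so the checked buffer is exactly what would be loaded. */
int load_checked_module(const char *path)
{
    size_t len = 0;
    unsigned char *img = read_module_image(path, &len);
    if (!img) return 0;
    int ok = module_image_looks_valid(img, len);
    /* if (ok) init_module(img, len, "");   -- same bytes that were checked */
    free(img);
    return ok;
}

/* Test helper (constructed): write bytes to a fresh temp file, return its path. */
const char *write_constructed_file(const unsigned char *data, size_t len)
{
    static char path[] = "/tmp/modimg.XXXXXX";
    strcpy(path, "/tmp/modimg.XXXXXX");
    int fd = mkstemp(path);
    if (fd < 0) return NULL;
    size_t done = 0;
    while (done < len) {
        ssize_t n = write(fd, data + done, len - done);
        if (n <= 0) break;
        done += (size_t)n;
    }
    close(fd);
    return done == len ? path : NULL;
}

/* Demo wrappers over constructed inputs: a file with ELF magic, and one without. */
int demo_load_constructed_elf(void)
{
    static const unsigned char img[] = { 0x7f, 'E', 'L', 'F', 1, 1, 1, 0 };
    return load_checked_module(write_constructed_file(img, sizeof img));
}

int demo_load_constructed_garbage(void)
{
    static const unsigned char img[] = "this is not a kernel module";
    return load_checked_module(write_constructed_file(img, sizeof img - 1));
}

int main(void)
{
    printf("constructed ELF image: %s\n", demo_load_constructed_elf() ? "loaded" : "refused");
    printf("constructed garbage:   %s\n", demo_load_constructed_garbage() ? "loaded" : "refused");
    printf("missing file:          %s\n",
           load_checked_module("/nonexistent/constructed/module.ko") ? "loaded" : "refused");
    return 0;
}
```

The design choice worth noting is that read_module_image is the only place the path is used; every later step, including the size limit, receives the buffer and its length rather than re-deriving anything from the file system.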
This issue affects the version of the systemtap package as shipped with Red Hat Enterprise Linux 4, 5, and 6.
This issue affects the versions of the systemtap package as shipped with Fedora releases 14 and 15.
Created systemtap tracking bugs for this issue. Affects: fedora-all [bug 725578]
This issue has been addressed in the following products: Red Hat Enterprise Linux 5, via RHSA-2011:1089 https://rhn.redhat.com/errata/RHSA-2011-1089.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2011:1088 https://rhn.redhat.com/errata/RHSA-2011-1088.html
External References: http://sources.redhat.com/git/gitweb.cgi?p=systemtap.git;a=commitdiff;h=ed51cfa24ca27746ab09b59280b94117dd58cba3