Description
It was found that SystemTap did not perform proper module path sanity
checking if a user specified a custom path to the uprobes module, used
when performing user-space probing ("staprun -u"). A local user who is a
member of the stapusr group could use this flaw to bypass intended
module-loading restrictions, allowing them to escalate their privileges by
loading an arbitrary, unsigned module. (CVE-2011-2502)
A race condition flaw was found in the way the staprun utility performed
module loading. A local user who is a member of the stapusr group could
use this flaw to modify a signed module while it is being loaded,
allowing them to escalate their privileges. (CVE-2011-2503)