PT-2011-1095 · Red Hat · Systemtap
Published: 2011-07-25 · Updated: 2012-07-27 · CVE-2011-2502
CVSS v2.0: 4.4 (Medium)
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions
SystemTap versions 1.4
SystemTap before version 1.6
Description
SystemTap, as packaged in Red Hat Enterprise Linux, contains multiple vulnerabilities that can lead to breaches of confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally. Specifically, the SystemTap runtime tool (staprun) in SystemTap before 1.6 does not properly validate modules when a user specifies a module path for user-space probing. This allows local users in the stapusr group to gain privileges via a crafted module in the search path given in the -u argument.
Recommendations
For SystemTap versions 1.4, update to a version later than 1.4 to resolve the issue.
For SystemTap before version 1.6, update to version 1.6 or later to address the vulnerability in the systemtap runtime tool (staprun).
As a temporary workaround, consider restricting access to the stapusr group to minimize the risk of exploitation.
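The following audit helper is an added example, not part of the original advisory or of SystemTap. It lists every account that effectively belongs to stapusr (including accounts whose primary group is stapusr, which the group's member list does not show) and checks a version string against the fixed release 1.6. The function names and the sample group and passwd data are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit exposure to CVE-2011-2502 (staprun module validation).
# The group/passwd text below is constructed sample data, not from a real host.

SAMPLE_GROUP='root:x:0:
stapusr:x:156:alice,bob
stapdev:x:158:alice
users:x:100:'

SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
alice:x:1000:100::/home/alice:/bin/bash
bob:x:1001:100::/home/bob:/bin/bash
carol:x:1002:156::/home/carol:/bin/bash'

# stapusr_members GROUP_TEXT PASSWD_TEXT
# Prints, space separated, every account in stapusr: those named in the
# group entry plus those whose primary GID is the stapusr GID.
stapusr_members() {
    gid=$(printf '%s\n' "$1" | awk -F: '$1 == "stapusr" { print $3; exit }')
    [ -n "$gid" ] || return 0          # no stapusr group defined
    {
        printf '%s\n' "$1" | awk -F: '$1 == "stapusr" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }'
        printf '%s\n' "$2" | awk -F: -v gid="$gid" '$4 == gid { print $1 }'
    } | sort -u | paste -sd' ' -
}

# staprun_is_vulnerable VERSION
# Returns 0 (true) when VERSION is before 1.6, the fixed release.
# Anything after the minor number (for example "-3.el6") is ignored.
staprun_is_vulnerable() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%[!0-9]*}
    [ "$major" -lt 1 ] || { [ "$major" -eq 1 ] && [ "${minor:-0}" -lt 6 ]; }
}
```

On a live RPM-based host (an assumption), feed it real data with `stapusr_members "$(getent group)" "$(getent passwd)"` and `staprun_is_vulnerable "$(rpm -q --qf '%{VERSION}' systemtap-runtime)"`.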
Exploit
Fix
RCE
Affected Products
Red Hat
Systemtap