The capsh program in libcap before 2.22 does not change the current working directory when the –chroot option is specified, which allows local users to bypass the chroot restrictions via unspecified vectors.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Libcap | Libcap | * | 2.21 (including) |
| Libcap | Libcap | 2.00 (including) | 2.00 (including) |
| Libcap | Libcap | 2.01 (including) | 2.01 (including) |
| Libcap | Libcap | 2.02 (including) | 2.02 (including) |
| Libcap | Libcap | 2.03 (including) | 2.03 (including) |
| Libcap | Libcap | 2.04 (including) | 2.04 (including) |
| Libcap | Libcap | 2.05 (including) | 2.05 (including) |
| Libcap | Libcap | 2.06 (including) | 2.06 (including) |
| Libcap | Libcap | 2.07 (including) | 2.07 (including) |
| Libcap | Libcap | 2.08 (including) | 2.08 (including) |
| Libcap | Libcap | 2.09 (including) | 2.09 (including) |
| Libcap | Libcap | 2.10 (including) | 2.10 (including) |
| Libcap | Libcap | 2.11 (including) | 2.11 (including) |
| Libcap | Libcap | 2.12 (including) | 2.12 (including) |
| Libcap | Libcap | 2.13 (including) | 2.13 (including) |
| Libcap | Libcap | 2.14 (including) | 2.14 (including) |
| Libcap | Libcap | 2.15 (including) | 2.15 (including) |
| Libcap | Libcap | 2.16 (including) | 2.16 (including) |
| Libcap | Libcap | 2.17 (including) | 2.17 (including) |
| Libcap | Libcap | 2.18 (including) | 2.18 (including) |
| Libcap | Libcap | 2.19 (including) | 2.19 (including) |
| Libcap | Libcap | 2.20 (including) | 2.20 (including) |
| Red Hat Enterprise Linux 6 | RedHat | libcap-0:2.16-5.5.el6 | * |
| Libcap2 | Ubuntu | lucid | * |
| Libcap2 | Ubuntu | maverick | * |
| Libcap2 | Ubuntu | natty | * |
| Libcap2 | Ubuntu | oneiric | * |
| Libcap2 | Ubuntu | quantal | * |
| Libcap2 | Ubuntu | raring | * |
| Libcap2 | Ubuntu | saucy | * |
| Libcap2 | Ubuntu | upstream | * |