CVE-2023-38960

7.3 HIGH

📋 TL;DR

This vulnerability allows a local attacker to escalate privileges and execute arbitrary code on systems running RaidenFTPD v2.4 build 4005 due to insecure file permissions in the installation directory. Attackers can place malicious executables that run with elevated privileges when the service executes.

💻 Affected Systems

Products:
  • Raiden Professional Server RaidenFTPD
Versions: v2.4 build 4005
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default installations where the FTPD service runs with elevated privileges and the installation directory has insecure permissions.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise with administrative privileges, allowing installation of persistent backdoors, data theft, and lateral movement across the network.

🟠 Likely Case

Local privilege escalation leading to unauthorized access to sensitive files, service disruption, and potential foothold for further attacks.

🟢 If Mitigated

Limited impact with proper access controls, but still presents risk if attackers gain initial access to the system.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring initial access to the system.
🏢 Internal Only: HIGH - Once an attacker gains any level of local access, they can exploit this to gain full system control.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires local access to place malicious executables in the installation directory. The vulnerability is well-documented with public technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Unknown

Vendor Advisory: No official vendor advisory found

Restart Required: Yes

Instructions:

1. Check if newer versions exist from vendor
2. If no patch available, apply workarounds
3. Consider migrating to alternative FTP server software

🔧 Temporary Workarounds

Restrict Installation Directory Permissions

windows

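Set strict file permissions on the RaidenFTPD installation directory to prevent unauthorized write access. The command below removes inherited entries and grants full control to Administrators and SYSTEM only; Users keep read and execute. Run it from an elevated prompt and adjust the path if RaidenFTPD is installed elsewhere.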

icacls "C:\Program Files\RaidenFTPD" /inheritance:r /grant:r "Administrators:(OI)(CI)F" /grant:r "SYSTEM:(OI)(CI)F" /grant:r "Users:(OI)(CI)RX"

Run Service with Least Privilege

windows

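Configure the RaidenFTPD service to run with minimal required privileges instead of elevated permissions. Run the command from an elevated prompt and substitute the actual service name if it differs. It is written as sc.exe because in Windows PowerShell, sc is an alias for Set-Content.

sc.exe config RaidenFTPD obj= "NT AUTHORITY\LocalService" password= ""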

🧯 If You Can't Patch

  • Remove write permissions for non-administrative users from the RaidenFTPD installation directory
  • Monitor the installation directory for unauthorized file creation or modification attempts

🔍 How to Verify

Check if Vulnerable:

Check RaidenFTPD version via Help → About in the application interface or examine the executable properties

Check Version:

Check executable properties or registry at HKEY_LOCAL_MACHINE\SOFTWARE\RaidenFTPD

Verify Fix Applied:

Verify installation directory permissions using 'icacls "C:\Program Files\RaidenFTPD"' and ensure only administrators have write access

📡 Detection & Monitoring

Log Indicators:

  • Unexpected file creation in RaidenFTPD directory
  • Service restart events
  • Privilege escalation attempts

Network Indicators:

  • Unusual FTP traffic patterns
  • Unexpected outbound connections from FTP service

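SIEM Query (Event ID 4663 is only logged when file system object-access auditing is enabled and the installation directory has an audit entry (SACL) for write access):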

EventID=4663 AND ObjectName LIKE '%RaidenFTPD%' AND Accesses LIKE '%WRITE%'
