Nessus or other security scanner reports "Process image does not match prelink verification image."

Solution Unverified - Updated -

Issue

  • Nessus or other security scanner reports Process image does not match prelink verification image.
The following daemons are associated with broken links to executables :

  - 12345 udp: (/usr/sbin/avahi-daemon)
    - Process image does not match prelink verification image. : 
        Process image md5sum              : abcdef01234567890abcdef012345678
        Prelink verification image md5sum : 01234567890abcdef01234567890abcd

Vulnerability Description: "By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken.

This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not been restarted.  And if the changes are security-related, the system may remain vulnerable to attack until the daemon is restarted.

Alternatively, it could result from an attacker removing files in an effort to hide malicious activity.

Environment

  • Red Hat Enterprise Linux
  • Nessus or other third-party security scanner

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content