Nessus or other security scanner reports "Process image does not match prelink verification image."

Solution Unverified - Updated -

Issue

  • Nessus or other security scanner reports Process image does not match prelink verification image.
The following daemons are associated with broken links to executables :

  - 12345 udp: (/usr/sbin/avahi-daemon)
    - Process image does not match prelink verification image. : 
        Process image md5sum              : abcdef01234567890abcdef012345678
        Prelink verification image md5sum : 01234567890abcdef01234567890abcd

Vulnerability Description: "By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken.

This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not been restarted.  And if the changes are security-related, the system may remain vulnerable to attack until the daemon is restarted.

Alternatively, it could result from an attacker removing files in an effort to hide malicious activity.

Environment

  • Red Hat Enterprise Linux
  • Nessus or other third-party security scanner

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.

Current Customers and Partners

Log in for full access

Log In