Nessus or other security scanner reports "Process image does not match prelink verification image."
Issue
- Nessus or other security scanner reports
Process image does not match prelink verification image.
The following daemons are associated with broken links to executables :
- 12345 udp: (/usr/sbin/avahi-daemon)
- Process image does not match prelink verification image. :
Process image md5sum : abcdef01234567890abcdef012345678
Prelink verification image md5sum : 01234567890abcdef01234567890abcd
Vulnerability Description: "By examining the '/proc' filesystem on the remote Linux host, Nessus has identified at least one currently-running daemon for which the link to the corresponding executable is broken.
This can occur when the executable associated with a daemon is replaced on disk but the daemon itself has not been restarted. And if the changes are security-related, the system may remain vulnerable to attack until the daemon is restarted.
Alternatively, it could result from an attacker removing files in an effort to hide malicious activity.
Environment
- Red Hat Enterprise Linux
- Nessus or other third-party security scanner
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.