YARA Memory Scan (Linux)

Critical Nessus Plugin ID 97863

Synopsis

Nessus detected one or more malicious processes on the remote host.

Description

Nessus detected one or more processes on the remote Linux host that match a YARA rule. Note that scanning memory requires a privileged account that can use ptrace.

Solution

n/a

See Also

http://virustotal.github.io/yara/

Plugin Details

Severity: Critical

ID: 97863

File Name: linux_yara_mem_scan.nbin

Version: 1.163

Type: local

Agent: unix

Family: Backdoors

Published: 2017/03/21

Modified: 2018/12/06

Dependencies: 12634

Risk Information

Risk Factor: Critical

CVSS v2.0

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS v3.0

Base Score: 10

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Vulnerability Information

Required KB Items: Host/uname