Check NTP version in Esxi 5.1

Hi all,

Please advise how I can check the NTP version in use?
I tried to check it vSphere client. But I cannot figure out.
Thanks
ee_lcpaaAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

gheistCommented:
It is NTP version 4 since ESX 3.5
0
ee_lcpaaAuthor Commented:
Hi gheist,

Can I know the exact version?

According to the NTP vunlenarabiilites annonced in the link below, I want to check if the version currenlty running in my system is before 4.2.8p1 or not.

https://ics-cert.us-cert.gov/advisories/ICSA-14-353-01C

Please advise. Thanks.
0
gheistCommented:
vmware does not blindly copy NTP distribution to ESXi
We need to focus on fixes required
CVE-2014-9293
CVE-2014-9294
CVE-2014-9295
CVE-2014-9296
CVE-2014-9297
CVE-2014-9298
None of them affects NTP client on ESXi hosts.
0
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

ee_lcpaaAuthor Commented:
Hi gheist,

Can you provide more information for my reference why you said that the vulnerabilities in your list do not affect NTP client on ESXi hosts.



Thanks.
0
gheistCommented:
vmware's security advisories are very brief
This (5.1U3) looks like for your issue, but ask vmware official support for hard statement
https://www.vmware.com/security/advisories/VMSA-2014-0002
I post it because it is last change of NTP component for 5.1 as published.
If you use best practice, i.e allow NTP client to designated NTP servers, then somebody must send the bad packets from your NTP server.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
larstrCommented:
The ntp version used in the latest ESXi 6.0 image is ntp-4.2.8p1. You can find out the version by downloading the Open Source Components for the version you need.

https://my.vmware.com/web/vmware/details?downloadGroup=ESXI600B_OSS&productId=491

Lars
0
ee_lcpaaAuthor Commented:
Hi gheist,


Regarding the following vunlerabilities, you mention that they affect NTP server only, not NTP client.


CVE-2014-9293
CVE-2014-9294
CVE-2014-9295
CVE-2014-9296
CVE-2014-9297
CVE-2014-9298

Is my understanding correct?
Also, may I ask if NTP server is avaiable on Esxi hosts (even not running).

Please advise. Thanks.
0
gheistCommented:
ntp distribution works that wa that you run NTP server as a client. Then for ESXi you apply firewall rules to make it inaccessible as a server, only allowing client connections out.
0
ee_lcpaaAuthor Commented:
Hi gheist,

Sorry that I am not familar with NTP distribution.

So you mean I am capable to startup a NTP server on a ESXI host. Right?

Below paragraph is extracted from ICS-CERT's web site
CVE-2014-9295 -- "A remote attacker can send a carefully crafted packet that can overflow a stack buffer and potentially allow malicious code to be executed with the privilege level of the ntpd process. All NTP4 releases before 4.2.8 are vulnerable."

As far as I know, a ntpd deamon is used to do time sync with a NTP server.
May I check with you how you can draw a conclusion that the following vulnearabilities do not affect NTP client on Esxi hosts. Please correct me if my understanding is incorrect. Thanks.

CVE-2014-9293
 CVE-2014-9294
 CVE-2014-9295
 CVE-2014-9296
 CVE-2014-9297
 CVE-2014-9298
0
gheistCommented:
Yes, it runs NTP server but with default ESXi configuration noone can send packets to it.
0
ee_lcpaaAuthor Commented:
Hi gheist,

How about my query if those vulnerabilities are applicable to NTP client?

Seems contradicting to the first paragraph in this web site
https://www.kb.cert.org/vuls/id/852879

Pls clarify. Thanks

 The NTP Project ntpd version 4.2.7 and pervious versions contain several vulnerabilities. ntp-keygen prior to version 4.2.7p230 also uses a non-cryptographic random number generator when generating symmetric keys. These vulnerabilities may affect ntpd acting as a server or client.
0
gheistCommented:
You need to approach vmware support for staement. It does not log ntpd version in syslogs like its older brother Linux does.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
VMware

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.