NTP vulnerability on versions prior to 4.2.8 -- we OK?

Just saw this post about an unpatched vulnerability in NTP and wasn't sure what version a Mavericks server would be running. Here's the link:

http://www.zdnet.com/article/major-ntp-security-holes-appears-and-are-being-expl oited/

There are lots of resource links within the post, but I got stuck on the basics -- trying to figure out what version of NTP is running on my server. Can anybody point me in the right direction? From what I can gather, the version of NTP on an Apple server may be different than the vulnerable one, but it's hard to tell.

Posted on Dec 20, 2014 4:46 PM

33 replies

Dec 26, 2014 12:44 PM in response to cpragman

What about the UNIX Dev Support.option?
It has Command-line tools used for UNIX-based development.

Are those the Command-line tools I need?

Jan 3, 2015 3:55 AM in response to JohnDCCIU

John in the Terminal with "ps ax | grep ntp". What does the vertical bar separator between ps ax and grep ntp stand for? How is it uesd?

Thanks sorry not very savy about terminal.

Paul

cpragman

Level 2

465 points

Jan 3, 2015 3:01 PM in response to One Wonders

The vertical bar "|" is the unix "pipe" operator. It takes the output of whatever is on the left side, and pipes it into the command that is on the right side.

In the example above ("ps ax | grep ntp"), the command ps is run. The results of the ps command are dumped to STDOUT (normally the screen). By using the pipe operator, the results are piped to the second command (grep) which takes them as input, and searches for the keyword "ntp".

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

NTP vulnerability on versions prior to 4.2.8 -- we OK?