Blade ZipKit - Network Time Protocol Compliance

Version 3

    Blade ZipKit – Network Time Protocol Compliance



    Blade ZipKit Package Info

    Name: NTP Vulnerabilities Check

    Type: Component Template

    BSA Compatible Version: 8.3, 8.5, 8.6, 8.7

    Version: 1.0

    Created by: Pankaj Kumar Singh

    Tested version on:

    Tested against host running: Red Hat


    This Component Template checks Network Time Protocol Vulnerabilities using BSA!

    This update address a problem which was highlighted by the US Government ( The vulnerability has the potential to allow an attacker to execute arbitrary code using the privileges of the ntpd process.


    The attached template works for following RHEL version and vulnerabilities


    Red Hat Enterprise Linux version 5CVE-2014-9293, CVE-2014-9294, CVE-2014-9295
    Red Hat Enterprise Linux version 6CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
    Red Hat Enterprise Linux version 7CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296



    The component template checks the following to check compliance

    • Installed NTP version
    • Change log


    Standard Steps BSA Admin should follow


    1. Copy the template in local drive 
    2. Using RCP, right click on the “Component template” node and Import. 
    3. Select import (use version neutral)
    4. Your template with name “NTP Vulnerabilities Detection” will be created under folder “NTP Vulnerabilities Detection” 
    5. Create and run Discovery job for managed servers (RHEL only) 
    6. Create and run Compliance Job using the template. 
    7. Job result view will list non-compliant servers. 
    8. Run the remediation job by right clicking the root node – Template node under Job Results view. 
    9. Remediation job uses “yum –y update ntp” command to update the package. 
    10. After remediation job is successfully completed, re-run the compliance Job(Rescan). 
    11. Your server should be patched to latest ntp package .