All versions of NTP prior to 4.2.8 contain buffer overflow vulnerabilities that can be exploited to put servers at risk for remote code execution, generally considered one of the most dangerous types of vulnerabilities. That’s the bad news. The worse news is that there are already exploits for these vulnerabilities being circulated.
Read more of the details:
http://threatpost.com/exploits-circulating-for-remote-code-execution-flaws-in-ntp-protocol/110001