The Network Time Daemon (ntpd) supplied with all releases of Red Hat Linux is vulnerable to a buffer overflow, potentially allowing a remote attacker to gain root-level access to a machine. All users of ntpd are strongly encouraged to upgrade.
The Network Time Daemon (xntpd on Red Hat Linux 6.2 and earlier, ntpd on Red Hat Linux 7.0) does not properly check the size of a buffer used to hold incoming data from the network. Potentially, an attacker could gain root access by exploiting this weakness. Potential damage is mitigated by the fact that the Network Time Daemon is not enabled by default. If you are not using network time services, it may not even be installed. As a general rule, Red Hat encourages users to enable only those network services they actually need.