The NTP protocol uses keys to implement authentication. The weak seeding of the pseudo-random number generator makes it easier for an attacker to brute-force keys, and thus may broadcast incorrect time stamps or masquerade as another time server. [CVE-2014-9293, CVE-2014-9294]
An attacker may be able to utilize the buffer overflow to crash the
ntpd(8) daemon or potentially run arbitrary code with the privileges of the
ntpd(8) process, which is typically root. [CVE-2014-9295]
