A memory corruption vulnerability exists in the chain_reply() function in Samba 3.3.12 and earlier. 3.4.x and later are not affected. This flaw could allow a remote, unauthenticated attacker to crash the Samba server or, possibly, execute arbitrary code with the privileges of the Samba server.
Acknowledgements:
Red Hat would like to thank the Samba team for responsibly reporting this issue. Upstream acknowledges Jun Mao as the original reporter.
This issue has been addressed in the following products:
Red Hat Enterprise Linux 3
Red Hat Enterprise Linux 4
Red Hat Enterprise Linux 5
Red Hat Enterprise Linux 5.3.Z - Server Only
Red Hat Enterprise Linux 5.4.Z - Server Only
Red Hat Enterprise Linux 4.7 Z Stream
Via RHSA-2010:0488 https://rhn.redhat.com/errata/RHSA-2010-0488.html