According to Samba:
"Various bugs in Samba's NDR parsing can allow a user
to send specially crafted MS-RPC requests that will
overwrite the heap space with user defined data."
These will affect Samba as shipped in Red Hat Enterprise Linux 2.1, 3, 4, 5.
Red Hat would like to thank the Samba developers, TippingPoint, and iDefense for reporting these issues.
removing embargo, now public
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.