iDefense has identified an integer buffer overflow in Samba (smbd) versions 3.0.9 and earlier, including 2.X, that allows arbitrary code execution with root privileges. Exploitation of this vulnerability requires that the attacker be successfully authenticated to a Samba share.
Alerts and updated Samba packages are available from most vendors. The Samba Team has also made a patch available. For more information, see the following advisories or refer to your Linux vendor's security/update site.
http://www.idefense.com/application/poi/display?id=165
http://us1.samba.org/samba/security/CAN-2004-1154.html
http://secunia.com/advisories/13453/