An attacker can exploit this issue to crash the application or cause the application to enter an infinite loop. Due to the nature of this issue, arbitrary code execution may be possible; this has not been confirmed.

All current released versions of Samba are vulnerable to a denial of service caused by memory corruption. Range checks on file descriptors used in the FD_SET macro were not present, allowing stack corruption. This can cause the Samba code to crash or to loop while attempting to select on a bad file descriptor set.
Exploiting this problem requires a connection to a file share, either authenticated or unauthenticated (guest connection), or a local account.
Currently we do not believe this flaw is exploitable beyond a crash or causing the code to loop, but on the advice of our security reviewers we are releasing fixes in case an exploit is discovered at a later date.
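
The missing range check described above, shown as an added example (this is not Samba's code or its patch): a wrapper that validates a descriptor against FD_SETSIZE before calling FD_SET, and a select() helper built on it. The names checked_fd_set and wait_readable are hypothetical, and the descriptors in main are constructed test input.

```c
#include <errno.h>
#include <stddef.h>
#include <sys/select.h>
#include <unistd.h>

/* Add fd to set only if it fits in the fixed-size fd_set bitmap.
 * FD_SET() does no bounds check: an fd < 0 or >= FD_SETSIZE makes it
 * write outside the fd_set, which in the caller below is a stack variable. */
static int checked_fd_set(int fd, fd_set *set)
{
    if (fd < 0 || fd >= FD_SETSIZE) {
        errno = EINVAL;
        return -1;
    }
    FD_SET(fd, set);
    return 0;
}

/* Wait until one of fds[0..n-1] is readable. Returns select()'s result,
 * or -1 with errno = EINVAL if any descriptor is out of range. */
static int wait_readable(const int *fds, size_t n, int timeout_sec)
{
    fd_set rset;
    struct timeval tv = { timeout_sec, 0 };
    int maxfd = -1;

    FD_ZERO(&rset);
    for (size_t i = 0; i < n; i++) {
        if (checked_fd_set(fds[i], &rset) != 0)
            return -1;              /* refuse rather than corrupt memory */
        if (fds[i] > maxfd)
            maxfd = fds[i];
    }
    return select(maxfd + 1, &rset, NULL, NULL, &tv);
}

int main(void)
{
    int p[2];
    if (pipe(p) != 0 || write(p[1], "x", 1) != 1)   /* make p[0] readable */
        return 1;
    int bad[2] = { p[0], FD_SETSIZE };  /* constructed out-of-range fd */
    int ok = wait_readable(p, 1, 1) == 1 && wait_readable(bad, 2, 1) == -1;
    return ok ? 0 : 1;
}
```

A process that can hold FD_SETSIZE or more open descriptors can also avoid the fixed-size bitmap altogether by using poll(), which takes an array of descriptors instead.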