A flaw was found in the way samba implemented DCE/RPC. If a client to a Samba server sent a very large DCE/RPC request and chose to fragment it an attacker could replace later fragments with their own data bypassing the signature requirements.

...