A malicious client could send packets that may set up the stack in such a way that the freeing of memory in a subsequent anonymous netlogon packet could allow execution of arbitrary code. This code would execute with root privileges.
On Samba versions 4.0.0 and above, it is recommended to add the line:
to the [global] section of your smb.conf. For Samba versions 3.6.x and earlier, this workaround is not available.