Samba file service does not performs ACL checks against stream files while performing generic file operations like read and write. This could allow a remote attacker to bypass file restrictions by leveraging ACL differences between a file and an associated alternate data stream.
Read more here – http://www.samba.org/samba/security/CVE-2013-4475
Patches addressing this issue can be found here – http://www.samba.org/samba/security/