In the work I've been doing on MiFi hotspots of late, I can tell you every SMB-supporting router and network file sharing device from your home ASUS kit to enterprise NASes is exposed, not to mention OS X. This thing is huge.
Some abuse cases:
* On a wireless network, if you have SMB file sharing enabled on your Mac and no firewall, this could be easily abused once working code comes out.
* Got a QNAP NAS or other sharing device and thinking of taking it to your local LAN party? Hope you know everyone well enough.
* Using a MiFi hotspot to get access to the Internet when travelling? Hope you changed the default password, and that it's not listening on its external interface.
* Corporate network using an appliance-based SAN/NAS? What a fantastic place to hide, right where all the files are.
This is an awesome bug; I wish I had the time to look into it properly, but I am busy until next weekend.
Running Samba exposed to a public network isn't the only issue here. Even on an internal network, this would allow file/directory permissions to be bypassed.
He means that SMB is not a secure protocol and can't be run securely over an untrusted network at all. Vulnerabilities within a private network are a different class of problem. Obviously you should upgrade/patch and pull the fix. But if (say) the operation of your 20-person company depends on a live Samba instance, you might logically make the decision to leave it unpatched on your internal network for a day or so until you have time to test the upgrade.
http://lwn.net/Articles/491523/
edit:
Samba 3.0.x - 3.6.3
http://www.samba.org/samba/history/samba-3.0.0.html
So... yeah... 9 years. Wow.