Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name.

More... (http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0022)