


Perceptive Security
SOC/SIEM Consultancy

A flaw was found in Samba. A remote attacker can exploit a misconfiguration in Samba file servers and classic domain controllers that use the "check password sc…
Published: 27 May 2026 at 22:00:00
Alert date: 28 May 2026 at 14:02:15
Source: nvd.nist.gov
Operating Systems, Network Infrastructure, Identity & Access
A critical vulnerability in Samba file servers and domain controllers allows remote attackers to achieve command execution, and with it remote code execution on affected systems, because shell meta-characters are not properly escaped in the 'check password script' feature. The flaw occurs when the script is configured with the %u substitution character, which passes the client-controlled username to the script without proper sanitization. It primarily affects non-standard configurations where the check password script uses %u and the samba-dcerpcd service runs as a system service.
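A defensive configuration check for the condition described above, added here as an example (not code from Samba or from the advisory): it scans smb.conf text for a 'check password script' value that contains %u. The function names and the sample configuration are constructed for illustration, and include directives are not followed.

```python
import re
import sys

# smb.conf ignores case and whitespace inside parameter names.
PARAM = "checkpasswordscript"

def logical_lines(text):
    """Yield (first_line_no, text), joining backslash-continued lines."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        start = start or no
        # A comment line is never treated as the start of a continuation.
        comment = start == no and raw.lstrip()[:1] in ("#", ";")
        if raw.rstrip().endswith("\\") and not comment:
            buf += raw.rstrip()[:-1]
            continue
        yield start, buf + raw
        buf, start = "", None
    if start:  # file ended in the middle of a continuation
        yield start, buf

def find_risky_check_password_script(text):
    """Return (line_no, section, value) where the script receives %u."""
    findings, section = [], None
    for no, line in logical_lines(text):
        line = line.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        name, sep, value = line.partition("=")
        if sep and re.sub(r"\s+", "", name).lower() == PARAM and "%u" in value:
            findings.append((no, section, " ".join(value.split())))
    return findings

# Constructed sample configuration (not taken from the advisory).
SAMPLE = """\
[global]
    workgroup = EXAMPLE
    ; check password script = /usr/local/bin/old.sh %u
    Check Password  Script = /usr/local/sbin/pwcheck.sh \\
        --user %u
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for no, section, value in find_risky_check_password_script(text):
        print(f"line {no} [{section}]: check password script = {value}")
```

Running it over the output of `testparm -s` instead of the raw file also covers settings pulled in through include directives.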
Technical details
Affected products: Samba
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-4408
https://access.redhat.com/security/cve/CVE-2026-4408
https://bugzilla.redhat.com/show_bug.cgi?id=2479762
https://bugzilla.samba.org/show_bug.cgi?id=16034
This article was created with the assistance of AI technology by Perceptive.
