Good news: Only affects the AD / LDAP component. Bad news: That component is enabled by default. Good news: If you don't use Samba LDAP, an effective mitigation is to just disable the ldap service (search the fine article for "Disable LDAP").
Don't know why you're downvoted. It's a relevant question. Synology is using samba for their SMB drives, haven't found a description on how the DSM is affected.
Haven't used samba much; this is enlightening. Previously I had assumed it just used the same auth system (e.g. PAM) as the host. That would entail its own complications but would probably have prevented this bug.
It would not be possible to have an AD server using PAM, AD protocols need the NT hash.
Samba can only use PAM when plaintext passwords are used, which is not supported at all with AD (Samba as standalone requires you to store passwords in it's own database). As an Active Directory server, passwords are stored in the directory with access provided by multiple protocols. This was an issue in the LDAP ACL verification.
LDAP always has the userPassword attribute which is fully comptible with Linux, you just have to change both at the same times (this is in fact what i did for one of my clients)
