CVE-2026-2340

Public on 2026-05-26
Modified on 2026-05-26
Description
The vfs_worm module is intended to make files immutable over SMB a
short time after they are created. The time window in which they are
writable is configurable, defaulting to one hour.

The hook that handles renames was checking that the file being renamed
was still mutable, but it was not checking whether the destination
filename already belonged to another worm-protected file. This meant
that any file could be changed by an attacker with write access, by
writing to a temporary file and renaming over the target.
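To make the missing check concrete, here is an added Python model of a vfs_worm-style policy; it is not Samba's code and not part of this advisory. The `WormStore` class, the `FakeClock` helper, the `rename_flawed`/`rename_fixed` hooks and the sample filenames are all hypothetical constructs. `rename_flawed` checks only that the source is still mutable, which is the behaviour the advisory describes; `rename_fixed` also refuses a destination that is already worm-protected. `run_scenario` replays the sequence from the description against each hook and reports whether the protected file's contents survived.

```python
import time

# vfs_worm's default grace window is one hour; after that a file is immutable.
DEFAULT_GRACE_SECONDS = 3600


class FakeClock:
    """Controllable clock so the scenario is deterministic (constructed helper)."""

    def __init__(self, now=0.0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


class WormStore:
    """In-memory model of a share under a vfs_worm-style policy (hypothetical, not Samba code).

    Each entry maps a filename to (content, creation_time). A file may be
    written only while the grace window after its creation is still open.
    """

    def __init__(self, grace_seconds=DEFAULT_GRACE_SECONDS, clock=time.time):
        self.files = {}
        self.grace_seconds = grace_seconds
        self.clock = clock

    def is_mutable(self, name):
        """True if the name is unused or the file is still inside its grace window."""
        if name not in self.files:
            return True
        _, created = self.files[name]
        return self.clock() - created < self.grace_seconds

    def create(self, name, content):
        if name in self.files:
            raise FileExistsError(name)
        self.files[name] = (content, self.clock())

    def write(self, name, content):
        """Direct writes honour the policy: immutable files reject them."""
        if not self.is_mutable(name):
            raise PermissionError(f"{name} is worm-protected")
        _, created = self.files[name]
        self.files[name] = (content, created)

    def _rename(self, src, dst):
        # The renamed entry keeps its own creation time, as a real rename does,
        # so a fresh temporary file is still writable after taking over dst.
        self.files[dst] = self.files.pop(src)

    def rename_flawed(self, src, dst):
        """Pre-fix behaviour: only the source is checked for mutability."""
        if not self.is_mutable(src):
            raise PermissionError(f"{src} is worm-protected")
        self._rename(src, dst)

    def rename_fixed(self, src, dst):
        """Fixed behaviour: the destination must not be a worm-protected file either."""
        if not self.is_mutable(src):
            raise PermissionError(f"{src} is worm-protected")
        if not self.is_mutable(dst):
            raise PermissionError(f"{dst} is worm-protected")
        self._rename(src, dst)


def run_scenario(rename):
    """Replay the advisory's sequence against a given rename hook.

    Returns (direct_write_blocked, rename_outcome, final_content) where
    rename_outcome is "replaced" if the hook let the rename through and
    "blocked" if it refused.
    """
    clock = FakeClock()
    store = WormStore(clock=clock)
    store.create("report.pdf", b"original")       # constructed sample data
    clock.advance(2 * DEFAULT_GRACE_SECONDS)       # window closed: now immutable

    direct_write_blocked = False
    try:
        store.write("report.pdf", b"tampered")     # refused by the policy either way
    except PermissionError:
        direct_write_blocked = True

    store.create("report.pdf.tmp", b"tampered")    # brand-new file, still writable
    try:
        rename(store, "report.pdf.tmp", "report.pdf")
    except PermissionError:
        return direct_write_blocked, "blocked", store.files["report.pdf"][0]
    return direct_write_blocked, "replaced", store.files["report.pdf"][0]


if __name__ == "__main__":
    print("flawed hook:", run_scenario(WormStore.rename_flawed))
    print("fixed hook: ", run_scenario(WormStore.rename_fixed))
```

The point the model makes is that checking the source alone is not enough: the temporary file is new, so it passes the mutability test, and the rename silently replaces an entry whose own window closed long ago. The fixed hook treats the destination name as subject to the same policy. The real module works on file timestamps rather than an in-memory table, so this is a simplification of the logic, not a description of Samba's implementation.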

It is important to note that the vfs_worm module only adds additional
protections. Neither the underlying file system access controls, nor
any other Samba modules are bypassed.

The vfs_worm module was added in 4.2 (2015), but was found to be
insufficient (see https://bugzilla.samba.org/show_bug.cgi?id=10430).
It was largely repaired for Samba 4.20, but this bug remained.
Severity
Medium
CVSS v3 Base Score
6.5

Affected Packages

Platform               Package  Release Date  Advisory  Status
Amazon Linux 2 - Core  samba                            Not Affected
Amazon Linux 2023      samba                            Not Affected

CVSS Scores

Score Type           Score  Vector
Amazon Linux CVSSv3  6.5    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N