Linux users often use SFTP on OpenSSH for uploading and downloading files. However, OpenSSH SFTP has a remote overflow vulnerability.
When ChrootDirectory is not configured for the OpenSSH server, ordinary users can access all resources in the file system, including /proc. In Linux kernel version 2.6.x or earlier, /proc/self/maps reveals the memory layout and /proc/self/mem lets you write to arbitrary memory positions. An attacker can combine the two features to start a remote overflow attack.
Affected versions: OpenSSH <= 6.6
Upgrade OpenSSH to the latest version from the official website.
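To check a server for the precondition described above, the following added example (not part of the original advisory or of OpenSSH) audits sshd_config text for scopes where SFTP is offered but ChrootDirectory is effectively "none". The sample configurations, paths and group name are constructed, and the script assumes SFTP is enabled through a "Subsystem sftp" line.

```python
import re

# Constructed sample configurations (not taken from any real host).
WEAK = """\
Subsystem sftp /usr/lib/openssh/sftp-server
Match Group sftponly
    ForceCommand internal-sftp
"""
HARDENED = """\
Subsystem sftp internal-sftp
ChrootDirectory /srv/sftp/%u
ForceCommand internal-sftp
"""

def audit_sftp_chroot(config_text):
    """Return the scopes ('global' or 'Match ...') in which SFTP is offered
    and the effective ChrootDirectory is 'none' (the sshd default)."""
    scopes = [("global", {})]
    sftp_enabled = False
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(None, 1)
        key = fields[0].lower()
        value = fields[1].strip() if len(fields) > 1 else ""
        if key == "match":
            scopes.append(("Match " + value, {}))
        elif key == "subsystem" and value.split()[:1] == ["sftp"]:
            sftp_enabled = True
        else:
            # sshd keeps the first value it reads for a keyword.
            scopes[-1][1].setdefault(key, value)
    if not sftp_enabled:
        return []
    default = scopes[0][1].get("chrootdirectory", "none")
    # A Match block overrides the global value; otherwise it inherits it.
    return [name for name, opts in scopes
            if opts.get("chrootdirectory", default).lower() == "none"]

def version_in_affected_range(banner):
    """True if an 'OpenSSH_X.Y' version string is <= 6.6 (the range given above).
    Distributions backport fixes, so treat this as a hint only."""
    m = re.search(r"OpenSSH_(\d+)\.(\d+)", banner)
    return bool(m) and (int(m.group(1)), int(m.group(2))) <= (6, 6)

if __name__ == "__main__":
    for label, text in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", audit_sftp_chroot(text) or "no unchrooted SFTP scope")
    print(version_in_affected_range("OpenSSH_6.6.1p1"))
```

Each scope is evaluated on its own, so a "global" finding means users who match no chrooted Match block still reach the whole file system over SFTP.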
Learn more: http://seclists.org/fulldisclosure/2014/Oct/35