Summary
The remote host is missing an update to exmh
announced via advisory DSA 022-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20022-1
Insight
Former versions of the exmh program used /tmp for storing temporary files. No checks were made to ensure that nobody had placed a symlink with the same name in /tmp in the meantime, so the program was vulnerable to a symlink attack. This could allow a malicious local user to overwrite any file writable by the user executing exmh.
Upstream developers have reported and fixed this. The exmh program now uses /tmp/login unless TMPDIR or EXMHTMPDIR is set.
We recommend you upgrade your exmh packages immediately.
Severity
Classification
CVE: CVE-2001-0125
CVSS Base Score: 1.2
AV:L/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities