The remote host is missing an update to gftp announced via advisory DSA 055-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20055-1

The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making a FTP server return special responses that exploit this. This has been fixed in version 2.0.6a-3.1, and we recommend that you upgrade your gftp package.