Summary
The remote host is missing an update to xtel
announced via advisory DSA 090-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20090-1
Insight
The xtel (a X emulator for minitel) package as distributed with Debian GNU/Linux 2.2 has two possible symlink attacks:
* xteld creates a temporary file /tmp/.xtel-<user> without checking for symlinks.
* when printing a hardcope xtel would create a temporary file without protecting itself against symlink attacks.
Both problems have been fixed in version 3.2.1-4.potato.1 .