The remote host is missing an update to shadow announced via advisory DSA 1150-1. A bug has been discovered in several packages that execute teh setuid() system call without checking for sucess when trying to drop privileges, which may fail with some PAM configurations.

For the stable distribution (sarge) this problem has been fixed in version 4.0.3-31sarge8. For the unstable distribution (sid) this problem has been fixed in version 4.0.17-2. We recommend that you upgrade your passwd package. https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201150-1