The remote host is missing an update to splitvt announced via advisory DSA 1500-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201500-1

Mike Ashton discovered that splitvt, a utility to run two programs in a split screen, did not drop group privileges prior to executing 'xprop'. This could allow any local user to gain the privileges of group utmp. For the stable distribution (etch), this problem has been fixed in version 1.6.5-9etch1. For the unstable distribution (sid), this problem has been fixed in version 1.6.6-4. We recommend that you upgrade your splitvt package.