The remote host is missing an update to pam-pgsql announced via advisory DSA 370-1.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20370-1

Florian Zumbiehl reported a vulnerability in pam-pgsql whereby the username to be used for authentication is used as a format string when writing a log message. This vulnerability may allow an attacker to execute arbitrary code with the privileges of the program requesting PAM authentication. For the stable distribution (woody) this problem has been fixed in version 0.5.2-3woody1. For the unstable distribution (sid) this problem has been fixed in version 0.5.2-7. We recommend that you update your pam-pgsql package.