The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://www.ssh.com/company/newsroom/article/715/ http://www.frsirt.com/english/advisories/2006/0554 http://securitytracker.com/id?1015619 http://secunia.com/advisories/18828 http://xforce.iss.net/xforce/xfdb/24651 http://www.vuxml.org/freebsd/594ad3c5-a39b-11da-926c-0800209adf0e.html

The following packages are affected: ssh2 ssh2-nox11 CVE-2006-0705 Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.