The remote host is missing an update to gftp announced via advisory DSA 055-1.
The gftp package as distributed with Debian GNU/Linux 2.2 has a problem in its logging code: it logged data received from the network but it did not protect itself from printf format attacks. An attacker can use this by making a FTP server return special responses that exploit this. This has been fixed in version 2.0.6a-3.1, and we recommend that you upgrade your gftp package.
CVSS Base Score: 4.6