Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))

Summary
The remote host is missing an update to openssh (1:3.8.1p1-8.sarge.6) announced via advisory DSA 1212-1.

Two denial of service vulnerabilities have been found in the OpenSSH server.

CVE-2006-4924: The sshd support for SSH protocol version 1 does not properly handle duplicate incoming blocks. This could allow a remote attacker to cause sshd to consume significant CPU resources, leading to a denial of service.

CVE-2006-5051: A signal handler race condition could potentially allow a remote attacker to crash sshd and could theoretically lead to the ability to execute arbitrary code.
Solution
For the stable distribution (sarge), these problems have been fixed in version 1:3.8.1p1-8.sarge.6.

For the unstable and testing distributions, these problems have been fixed in version 1:4.3p2-4.

We recommend that you upgrade your openssh package.

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201212-1