The remote host is missing an update to dspam announced via advisory DSA 1501-1.
Tobias Gruetzmacher discovered that a Debian-provided CRON script in dspam, a statistical spam filter, included a database password on the command line when using the MySQL backend. This allowed a local attacker to read the contents of the dspam database, such as emails. For the stable distribution (etch), this problem has been fixed in version 3.6.8-5etch1. Packages for the mipsel architecture will be added as soon as they become available. The old stable distribution (sarge) does not contain the dspam package. For the unstable distribution (sid), this problem has been fixed in version 3.6.8-5.1. We recommend that you upgrade your dspam package.
CVSS Base Score: 2.1