The remote Debian host is missing a security-related update.
Bjorn Bosselmann discovered that the umount bash completion from util-linux does not properly handle embedded shell commands in a mountpoint name. An attacker with rights to mount filesystems can take advantage of this flaw for privilege escalation if a user (in particular root) is tricked into using the umount completion while a specially crafted mount is present.
Upgrade the util-linux packages. For the stable distribution (stretch), this problem has been fixed in version 2.29.2-1+deb9u1.