Beware of this security hole – it can allow intruders to spawn a
remote shell as ‘nobody’ on your system.
A general patch for this is available via this BUGTRAQ
posting.
A better fix, in my opinion, would be to disable the ipop2
daemon (you probably don’t need it).
Edit the /etc/inetd.conf file and comment out the line that
begins with “pop-2” by inserting a pound sign (#) in front of it.
Then restart your inet daemon with this command:
killall -HUP inetd