UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The dtspc daemon must be disabled on AIX.


Overview

Finding ID Version Rule ID IA Controls Severity
V-215378 AIX7-00-003073 SV-215378r508663_rule Medium
Description
The dtspc service deals with the CDE interface of the X11 daemon. It is started automatically by the inetd daemon in response to a CDE client requesting a process to be started on the daemon's host. This makes it vulnerable to buffer overflow attacks, which may allow an attacker to gain root privileges on a host. This service must be disabled unless it is absolutely required.
STIG Date
IBM AIX 7.x Security Technical Implementation Guide 2021-03-10

Details

Check Text ( C-16576r294585_chk )
From the command prompt, execute the following command:
# grep "^dtspc[[:blank:]]" /etc/inetd.conf

If there is any output from the command, this is a finding.
Fix Text (F-16574r294586_fix)
In "/etc/inetd.conf", comment out the "dtspc" entry by running command:
# chsubserver -r inetd -C /etc/inetd.conf -d -v 'dtspc' -p 'tcp'

Restart inetd:
# refresh -s inetd