Title

The dtspc daemon must be disabled on AIX. (Cat II impact)

Discussion

The dtspc service deals with the CDE interface of the X11 daemon. It is started automatically by the inetd daemon in response to a CDE client requesting a process to be started on the daemon's host. This makes it vulnerable to buffer overflow attacks, which may allow an attacker to gain root privileges on a host. This service must be disabled unless it is absolutely required.

Check Content

From the command prompt, execute the following command: # grep "^dtspc[[:blank:]]" /etc/inetd.conf If there is any output from the command, this is a finding.

Fix Text

In "/etc/inetd.conf", comment out the "dtspc" entry by running command: # chsubserver -r inetd -C /etc/inetd.conf -d -v 'dtspc' -p 'tcp' Restart inetd: # refresh -s inetd

Additional Identifiers

Rule ID: SV-215378r508663_rule

Vulnerability ID: V-215378

Group Title: SRG-OS-000095-GPOS-00049

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.