CVE-1999-0959

IRIX startmidi < - Local Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-1999-0959. PoCs published by David Hedley.

AI-analyzed exploit summary This exploit leverages a symbolic link vulnerability in the setuid root program 'startmidi' on Irix systems to create or overwrite arbitrary files with root ownership. The attack involves creating a symbolic link to a target file and invoking 'startmidi' to write to it, bypassing permission checks.

Description

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.

Exploits (1)

exploitdb WORKING POC VERIFIED
by David Hedley · textlocalirix
https://www.exploit-db.com/exploits/19355

This exploit leverages a symbolic link vulnerability in the setuid root program 'startmidi' on Irix systems to create or overwrite arbitrary files with root ownership. The attack involves creating a symbolic link to a target file and invoking 'startmidi' to write to it, bypassing permission checks.

Classification
Working Poc 100%
Attack Type
Lpe
Complexity
Trivial
Reliability
Reliable
Target: Silicon Graphics Irix 5.x and 6.x (startmidi utility)
No auth needed
Prerequisites: Access to an Irix system with the vulnerable 'startmidi' utility · Ability to create symbolic links in /tmp
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/469
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/1634
Vendor Advisory vendor-advisory x_refsource_sgi
ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/8447

Scores

EPSS 0.0071
EPSS Percentile 48.5%

Details

Status published
Products (7)
sgi/irix 5
sgi/irix 6.0
sgi/irix 6.0.1
sgi/irix 6.1
sgi/irix 6.2
sgi/irix 6.3
sgi/irix 6.4
Published Feb 01, 1997
Tracked Since Feb 18, 2026