CVE-1999-0959 is a high-severity local privilege vulnerability affecting the IRIX operating system, specifically versions 5 through 6.4. The vulnerability resides in the 'startmidi' program, which is part of the IRIX multimedia subsystem. The flaw allows local users to perform a symlink (symbolic link) attack to modify arbitrary files on the system. Essentially, the 'startmidi' program does not securely handle temporary files or file paths, enabling an attacker with local access to create symbolic links pointing to sensitive files. When 'startmidi' operates on these symlinks, it inadvertently overwrites or modifies the target files, potentially leading to unauthorized changes in system files or user data. This vulnerability impacts confidentiality, integrity, and availability because it can be exploited to alter critical system files, escalate privileges, or disrupt system operations. The CVSS v2 score is 7.2, indicating high severity, with the vector AV:L/AC:L/Au:N/C:C/I:C/A:C meaning it requires local access, low attack complexity, no authentication, and impacts confidentiality, integrity, and availability fully. Although no known exploits in the wild have been reported, the availability of patches from SGI indicates that the vendor addressed the issue. The vulnerability is significant for environments still running legacy IRIX systems, which are rare today but may exist in specialized industrial or research contexts.

For European organizations, the impact of this vulnerability is primarily relevant to those maintaining legacy IRIX systems, often found in niche sectors such as scientific research, industrial control, or media production where SGI hardware and software were historically used. Exploitation could allow local attackers—such as disgruntled employees or contractors with system access—to modify critical files, potentially leading to system compromise, data corruption, or denial of service. This could disrupt operations, cause data loss, or facilitate further privilege escalation attacks. While the threat is limited by the requirement for local access and the obsolescence of IRIX, organizations relying on these systems for legacy applications or data processing must consider the risk. Failure to patch could expose sensitive data or critical infrastructure components to unauthorized modification, impacting operational continuity and compliance with data integrity standards.

Organizations should immediately verify whether any IRIX systems in their environment are running affected versions (5 through 6.4). If so, they must apply the official patches provided by SGI, available at the referenced FTP links. Since IRIX is an outdated OS, consider isolating these systems on segmented networks with strict access controls to limit local user access. Implement strict user account management to minimize the number of users with local login privileges. Employ file integrity monitoring on critical files to detect unauthorized modifications. Additionally, consider migrating legacy workloads to modern, supported platforms to eliminate exposure to this and other legacy vulnerabilities. Regularly audit and monitor system logs for suspicious activity related to 'startmidi' or file modifications. Finally, educate local users about the risks of symlink attacks and enforce least privilege principles to reduce attack surface.