<!DOCTYPE html>
<html dir="auto">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
<meta http-equiv="X-UA-Compatible" content="IE=edge"/>
<style type="text/css">
body {
font-family:'Helvetica Neue', Helvetica, Arial, Geneva, sans-serif; font-size: 12px;
}
img {
outline: none;
text-decoration: none;
-ms-interpolation-mode: bicubic;
}
a img {
border: none;
}
h1,
h2,
h3 {
margin-top: 8px;
margin-bottom: 4px;
}
p {
margin: 8px 0;
min-height: 1.25rem;
}
blockquote {
padding: 1px 12px;
border-left: 5px solid #eee;
}
code {
padding: 1px 3px;
border-radius: 6px;
background-color: hsla(0, 0%, 0%, 0.1);
white-space: pre-wrap;
overflow-wrap: break-word;
}
pre {
margin: 8px 0;
padding: 10px;
border-radius: 6px;
border: 0;
background-color: hsla(0, 0%, 0%, 0.1);
white-space: pre-wrap;
word-break: break-all;
}
pre code {
padding: 0;
background: transparent;
}
table {
border-collapse: collapse;
mso-table-lspace: 0pt;
mso-table-rspace: 0pt;
border: none;
table-layout: auto;
display: block;
width: 100%;
overflow: auto;
word-break: keep-all;
margin: 0 0 16px;
}
table td {
border-collapse: collapse;
}
td, th {
padding: 7px 12px;
}
th {
font-weight: bold;
text-align: center;
}
col {
width: auto;
}
table.zammad-table {
max-width: 100%;
border: 2px solid hsl(0, 0%, 69%);
table-layout: fixed;
display: table;
margin: 8px 0;
overflow: hidden;
}
table.zammad-table td,
table.zammad-table th {
min-width: 1em;
border: 1px solid hsl(0, 0%, 69%);
vertical-align: top;
position: relative;
padding: 3px 5px;
box-sizing: border-box;
}
table.zammad-table td > *,
table.zammad-table th > * {
margin: 0;
}
table.zammad-table th {
text-align: unset;
background-color: hsla(0, 0%, 0%, 0.1);
}
hr {
margin: 8px 0;
height: 1px;
background-color: hsla(0, 0%, 0%, 0.1);
font-size: 0;
border: 0;
}
</style>
</head>
<body style="font-family:'Helvetica Neue', Helvetica, Arial, Geneva, sans-serif; font-size: 12px;;"><div>Hallo Freifunk-Kollegen,</div><div>diese Warnung sollte sich auf Euren Adressbereich beziehen.</div><br><div data-signature="true" data-signature-id="1"><div>Viele Grüße</div><div>Dieter Winkler</div><div><br></div><div>Freifunk Rheinland e. V.</div><div>Hirzenrott 2-4</div><div>52076 Aachen</div><div><br></div><div><a href="https://freifunk-rheinland.net" title="https://freifunk-rheinland.net" rel="nofollow noreferrer noopener" target="_blank">https://freifunk-rheinland.net</a></div><div>kontakt@freifunk-rheinland.net</div></div><br><div>---Anfang der weitergeleiteten Nachricht:---<br><br></div><div><blockquote type="cite" style="border-left: 2px solid blue; margin: 0 0 16px; padding: 8px 12px 8px 12px;"><div>Betreff: [CB-Report#20260506-10000405] Offen erreichbare PostgreSQL-Server in AS201701<br>Datum: 06.05.2026 05:01<br>Von: "CERT-Bund Reports" <reports@reports.cert-bund.de><br>An: abuse@freifunk-rheinland.net<br><br></div><div>[English version below]</div><div><br></div><div>***** Wichtige Sicherheitsinformation *****</div><div><br></div><div>Sehr geehrte Damen und Herren,</div><div><br></div><div>PostgreSQL ist ein relationales Datenbank-Managementsystem (DBMS),</div><div>das häufig im Zusammenhang mit Webanwendungen eingesetzt wird.</div><div><br></div><div>Unbefugte Zugriffe auf das DBMS unter Ausnutzung von Schwachstellen,</div><div>Fehlkonfigurationen oder mittels ausgespähter Zugangsdaten können dazu führen,</div><div>dass Angreifende in den Datenbanken gespeicherten Informationen ausspähen,</div><div>manipulieren oder löschen können, was weitreichende Folgen haben kann.</div><div><br></div><div>Zum Schutz vor Angriffen sollte ein Zugriff auf das DBMS daher grundsätzlich</div><div>nur vom Anwendungsserver sowie von vertrauenswürdigen Administrationsnetzen</div><div>(ggf. über eine VPN-Anbindung) aus möglich sein. Keinesfalls sollte ein</div><div>direkter Zugriff aus dem Internet auf das DBMS erlaubt sein.</div><div><br></div><div>Nachfolgend senden wir Ihnen eine Liste von IP-Adressen in Ihrem</div><div>Netzbereich, unter denen zum angegebenen Zeitpunkt (Zeitstempel UTC)</div><div>offen aus dem Internet erreichbare PostgreSQL-Server identifiziert wurden.</div><div><br></div><div>Wir möchten Sie bitten, den Sachverhalt zu prüfen und entsprechende</div><div>Maßnahmen zur Absicherung betroffener Systeme zu ergreifen.</div><div><br></div><div>Diese E-Mail ist mittels PGP digital signiert.</div><div>Informationen zu dem verwendeten Schlüssel finden Sie unter:</div><div><<a href="https://reports.cert-bund.de/digitale-signatur" title="https://reports.cert-bund.de/digitale-signatur" rel="nofollow noreferrer noopener" target="_blank">https://reports.cert-bund.de/digitale-signatur</a>></div><div><br></div><div>Bitte beachten Sie:</div><div>Dies ist eine automatisch generierte Nachricht. Antworten an die</div><div>Absenderadresse <<a href="mailto:reports@reports.cert-bund.de" title="mailto:reports@reports.cert-bund.de">reports@reports.cert-bund.de</a>> werden NICHT gelesen</div><div>und automatisch verworfen. Bei Rückfragen wenden Sie sich bitte</div><div>unter Beibehaltung der Ticketnummer [CB-Report#...] in der</div><div>Betreffzeile an <<a href="mailto:certbund@bsi.bund.de" title="mailto:certbund@bsi.bund.de">certbund@bsi.bund.de</a>>.</div><div><br></div><div>======================================================================</div><div><br></div><div>***** Important security advisory *****</div><div><br></div><div>Dear Sir or Madam,</div><div><br></div><div>PostgreSQL is a relational database management system (DBMS) often used</div><div>with web applications.</div><div><br></div><div>Unauthorized access to the DBMS by exploiting vulnerabilities, misconfigurations,</div><div>or by using compromised login credentials can result in malicious actors</div><div>being able to access, manipulate or delete information stored in the databases,</div><div>which can have far-reaching consequences.</div><div><br></div><div>To protect against such kind of attacks, access to the DBMS should be limited</div><div>to the application server and trusted management networks or a VPN connection.</div><div>The DBMS should never be exposed to the Internet.</div><div><br></div><div>Please find below a list of affected IP addresses on your network.</div><div>The timestamp (timezone UTC) indicates when an openly accessible</div><div>PostgreSQL server was found to be running on respective IP address.</div><div><br></div><div>We would like to ask you to take appropriate steps to secure</div><div>affected systems or notify your customers accordingly.</div><div><br></div><div>This message is digitally signed using PGP.</div><div>Information on the signature key is available at:</div><div><<a href="https://reports.cert-bund.de/en/digital-signature" title="https://reports.cert-bund.de/en/digital-signature" rel="nofollow noreferrer noopener" target="_blank">https://reports.cert-bund.de/en/digital-signature</a>></div><div><br></div><div>Please note:</div><div>This is an automatically generated message. Replies to the</div><div>sender address <<a href="mailto:reports@reports.cert-bund.de" title="mailto:reports@reports.cert-bund.de">reports@reports.cert-bund.de</a>> will NOT be read</div><div>but silently be discarded. In case of questions, please contact</div><div><<a href="mailto:certbund@bsi.bund.de" title="mailto:certbund@bsi.bund.de">certbund@bsi.bund.de</a>> and keep the ticket number [CB-Report#...]</div><div>of this message in the subject line.</div><div><br></div><div>============================================================================</div><div>Bitte teilen Sie uns unter <<a href="mailto:certbund@bsi.bund.de" title="mailto:certbund@bsi.bund.de">certbund@bsi.bund.de</a>> mit, wenn Sie die Daten zu</div><div>betroffenen Systemen zukünftig als Dateianhang statt inline erhalten möchten.</div><div><br></div><div>Please let us know at <<a href="mailto:certbund@bsi.bund.de" title="mailto:certbund@bsi.bund.de">certbund@bsi.bund.de</a>> if you would like to receive</div><div>the data on affected systems as a file attachment instead of inline.</div><div>============================================================================</div><div><br></div><div>Betroffene Systeme in Ihrem Netzbereich:</div><div>Affected hosts on your networks:</div><div><br></div><div>"asn","ip","timestamp","port"</div><div>"201701","2a03:2260:0:b9::2","2026-05-05 00:07:59","5432"</div><div>"201701","2a03:2260:0:198::2","2026-05-05 00:08:12","5432"</div><div>"201701","2a03:2260:0:3d3::2","2026-05-05 00:59:49","5432"</div><div>"201701","2a03:2260:3009::103","2026-05-05 00:59:52","5432"</div><div>"201701","2a03:2260:0:1eb::2","2026-05-05 01:52:09","5432"</div><div>"201701","2a03:2260:3009::102","2026-05-05 04:50:49","5432"</div><div>"201701","2a03:2260:0:19a::2","2026-05-05 05:58:31","5432"</div><div>"201701","2a03:2260:0:b7::2","2026-05-05 07:12:33","5432"</div><div>"201701","2a03:2260:0:bc::2","2026-05-05 07:12:44","5432"</div><div>"201701","2a03:2260:0:3cf::2","2026-05-05 07:12:44","5432"</div><div>"201701","2a03:2260:0:3d4::2","2026-05-05 07:12:55","5432"</div><div>"201701","2a03:2260:0:b8::2","2026-05-05 09:42:35","5432"</div><div>"201701","2a03:2260:0:3d1::2","2026-05-05 09:42:42","5432"</div><div>"201701","2a03:2260:0:3d2::2","2026-05-05 09:42:47","5432"</div><div>"201701","2a03:2260:0:3d0::2","2026-05-05 10:53:10","5432"</div><div>"201701","2a03:2260:0:bb::2","2026-05-05 11:24:15","5432"</div><div>"201701","2a03:2260:0:ba::2","2026-05-05 11:32:06","5432"</div><div>"201701","2a03:2260:0:199::2","2026-05-05 11:32:13","5432"</div><div>"201701","2a03:2260:0:19b::2","2026-05-05 11:48:52","5432"</div><div>"201701","2a03:2260:3009::104","2026-05-05 11:57:25","5432"</div><div>"201701","2a03:2260:0:1ec::2","2026-05-05 12:13:32","5432"</div><div><br></div><div>Mit freundlichen Grüßen / Kind regards</div><div>Team CERT-Bund</div><div><br></div><div>Bundesamt für Sicherheit in der Informationstechnik</div><div>Federal Office for Information Security (BSI)</div><div>CERT-Bund</div><div>Godesberger Allee 87, 53175 Bonn, Germany</div></blockquote></div><div><br></div></body>
</html>