Received: from malur.postgresql.org ([217.196.149.56])
	by arkaria.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uaIjL-003TMz-5d
	for pgsql-general@arkaria.postgresql.org; Fri, 11 Jul 2025 18:44:19 +0000
Received: from localhost ([127.0.0.1] helo=malur.postgresql.org)
	by malur.postgresql.org with esmtp (Exim 4.94.2)
	(envelope-from <pgsql-general-owner+archive@lists.postgresql.org>)
	id 1uaIjG-006ll4-U5
	for pgsql-general@arkaria.postgresql.org; Fri, 11 Jul 2025 18:44:15 +0000
Received: from makus.postgresql.org ([2001:4800:3e1:1::229])
	by malur.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
	(Exim 4.94.2)
	(envelope-from <htamfids@gmail.com>)
	id 1uaIjG-006lkv-HK
	for pgsql-general@lists.postgresql.org; Fri, 11 Jul 2025 18:44:15 +0000
Received: from mail-il1-x135.google.com ([2607:f8b0:4864:20::135])
	by makus.postgresql.org with esmtps  (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
	(Exim 4.96)
	(envelope-from <htamfids@gmail.com>)
	id 1uaIjF-006nzD-1C
	for pgsql-general@lists.postgresql.org;
	Fri, 11 Jul 2025 18:44:14 +0000
Received: by mail-il1-x135.google.com with SMTP id e9e14a558f8ab-3de18fde9cfso15033235ab.3
        for <pgsql-general@lists.postgresql.org>; Fri, 11 Jul 2025 11:44:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=gmail.com; s=20230601; t=1752259452; x=1752864252; darn=lists.postgresql.org;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:from:to:cc:subject:date:message-id:reply-to;
        bh=FOlWg0U3L5cF4FJnToAXKmw/a5VrmtQRccMqL1IjPaI=;
        b=OPa2931JEYR74u0GNaHO6h3+nXMV1MhQ+aLHkIsR57VSCpGqLgqgYAbovbdMF8Azum
         uNrAYGm67se1N0OWOtMbRcL6EHG+64q8S/j3kCRCM+PxekbiYZyH9pA4c3MnBdMRlbN9
         6/eY3sqsDptkTh6qNUGMexOYNXo3GcuGhmoTOY5fEYXn2vDFdt8WZ9/eOpPp6zY0wzG5
         FyMtvdRJBUde99j0WYLvAYzmViHcwaZbFaIKrEFzs9mQNY0+vszvmcLYVTQn5t8WZZ6M
         a0ctj6XASeZ/Kccdvz+siPi8seo5F+/Or4Yp7UXGlPzG4Q454+l7wVnyFyYA2MumkpL+
         /liA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
        d=1e100.net; s=20230601; t=1752259452; x=1752864252;
        h=cc:to:subject:message-id:date:from:in-reply-to:references
         :mime-version:x-gm-message-state:from:to:cc:subject:date:message-id
         :reply-to;
        bh=FOlWg0U3L5cF4FJnToAXKmw/a5VrmtQRccMqL1IjPaI=;
        b=YANPptZKUxn1HzMSPQ+rh2zN99cIusCNh5VU0klIZmkoJZMK7YrH8NbQ3UiMLbekyW
         I44RAJRmecprNUA+VWeivlc6b8odcsWY0Rd5RzcMKvFpAyOGXOG7FphT1bDDHm14/+rL
         /P3lqFintRiOi4K/SBRU4AJIf6+eetg7jjVW46aH3GonoL1smEj/T3X9jhsKTjG58Vzr
         iKdzy2M8VNxl8UpStR+4CA54Dj1bdaEoUaj55Ag1NKiyVNG/EOtbssgHl+0ZB9z2s9W1
         HzwDfpTf9RpeW9a51O2/tPGcSY1vRMRRr/oZsOkNqleAJLkJZjVTtvxZZy/ym+oAkgcI
         1UiA==
X-Gm-Message-State: AOJu0Yw4P8+NVEGjufEd88i7sVWixwsQeTyH1mZ33sqHiB3o1dxJWDjt
	1UesBHpAm9ggp2TmaN4pmD8tDxrUZOfPlfPaacw+m05NoMlGYi48wjyeiGSShaSWwr7epiJEMJd
	OiZyFcPDI9UO6bdRnQo3aXtuu2tH99yk=
X-Gm-Gg: ASbGncs8TxrC1hNyZrGlAi2MEDAngT6Fxu9q4XRBVNMOibuP60dtJJwxQlHvnodxC1L
	aH5lqUjVSew6jxGn3xpAgq4qi+pVcAT8auYNcvImySXqIYVgj+LHhPuvSEOY5+MWof0RM/BZCMn
	9+zG1PQ+RxdVn5YrFsQb9AMsTslLTmlejspIkFKKg77GTz1NY8OWcDIQpndBSCS1/hYQskwaWr6
	OXCH7dMHjn0vtFbYXr4/xKTTdVedpr5bj/9nH+OVQ==
X-Google-Smtp-Source: AGHT+IGj4GOrSU9ke5VS7Dg7DlsOEBBQa5EvKid+KeTW91KefACuEbO3nL8QSGqRJqaVfSQJ467sB9x1pXdEh/z2EN8=
X-Received: by 2002:a05:6e02:1c0c:b0:3df:3271:6aba with SMTP id
 e9e14a558f8ab-3e254327ac0mr42026055ab.15.1752259452247; Fri, 11 Jul 2025
 11:44:12 -0700 (PDT)
MIME-Version: 1.0
References: <CAOXzpYDdNrTNE3rj4nvVfvyN=QHdAX6+P7HHR0akkEafxZ6_fw@mail.gmail.com>
In-Reply-To: <CAOXzpYDdNrTNE3rj4nvVfvyN=QHdAX6+P7HHR0akkEafxZ6_fw@mail.gmail.com>
From: Greg Sabino Mullane <htamfids@gmail.com>
Date: Fri, 11 Jul 2025 14:43:36 -0400
X-Gm-Features: Ac12FXxogh2LLK4vi4eMHDkCp6aEG23cND6tgw7pDI9V3kYeuh_BS69E25Xhw9k
Message-ID: <CAKAnmm+oCJSL=66ES5nQwWu6bF=P5WAyUmxwgLStsbsng5RREg@mail.gmail.com>
Subject: Re: I have a suspicious query
To: Edmundo Robles <edmundo@sw-argos.com>
Cc: pgsql-general@lists.postgresql.org
Content-Type: multipart/alternative; boundary="00000000000034a6220639abb232"
List-Id: <pgsql-general.lists.postgresql.org>
List-Help: <https://lists.postgresql.org/manage/>
List-Subscribe: <https://lists.postgresql.org/manage/>
List-Post: <mailto:pgsql-general@lists.postgresql.org>
List-Owner: <mailto:pgsql-general-owner@lists.postgresql.org>
List-Archive: <https://www.postgresql.org/list/pgsql-general>
Archived-At: <https://www.postgresql.org/message-id/CAKAnmm%2BoCJSL%3D66ES5nQwWu6bF%3DP5WAyUmxwgLStsbsng5RREg%40mail.gmail.com>
Precedence: bulk

--00000000000034a6220639abb232
Content-Type: text/plain; charset="UTF-8"

Looks like someone testing out the fake Postgres CVE 2019-9193

https://nvd.nist.gov/vuln/detail/CVE-2019-9193

See for example:

https://packetstorm.news/files/id/166540

But certainly the first step is finding out who or what is running this.

Cheers,
Greg

--00000000000034a6220639abb232
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr">Looks like someone testing out the fake Postgres CVE 2019-=
9193<div><br></div><div><a href=3D"https://nvd.nist.gov/vuln/detail/CVE-201=
9-9193">https://nvd.nist.gov/vuln/detail/CVE-2019-9193</a></div><div><br><d=
iv>See for example:</div><div><br></div><div><a href=3D"https://packetstorm=
.news/files/id/166540">https://packetstorm.news/files/id/166540</a></div><d=
iv><br></div><div>But certainly the first step is finding out who or what i=
s running this.</div></div><div><br></div><div>Cheers,</div><div>Greg</div>=
<div><br></div></div>

--00000000000034a6220639abb232--