CVE-2017-8779 exploit on open rpcbind port could lead to remote DoS
Medium
Vulnerability Details
## Summary:
An open rpcbind port on https://da.theendlessweb.com allows for possible exploitation by an existing Metasploit module. This could lead to large and unfreed memory allocations for XDR strings.
## Description:
Port scanning on 149.56.38.19, which is the IP of https://da.theendlessweb.com, shows open port 111, which runs 'rpcbind'. By using the auxiliary module auxiliary/dos/rpc/rpcbomb in Metasploit, it is possible to exploit the port and cause large memory allocations for XDR strings. Excessive memory allocations could exhaust the system's memory, leading to a Denial of Service.
As can be seen in the following screenshot:
(Please note that I did not expect the module to work; therefore I continued the test. I am aware that causing a DoS is a serious offense and do not intend to do any damage.)
F711567
The exploit was completed successfully. I did not continue any further out of fear of unintended damage to the site.
## Steps To Reproduce:
1. Open the Metasploit framework and type 'use auxiliary/dos/rpc/rpcbomb'
2. Set RHOSTS to 149.56.38.19 and RPORT to 111
3. Type 'exploit'
## Supporting Material/References:
Some reference sites:
https://www.rapid7.com/db/modules/auxiliary/dos/rpc/rpcbomb
https://access.redhat.com/solutions/3025811
## Solution/Mitigation:
Close or filter port 111
## Impact
An attacker could use this vulnerability to trigger large unfreed memory allocations on the system leading to a remote Denial of Service.
Report Stats
- Report ID: 791893
- State: Closed
- Substate: resolved
- Upvotes: 9
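
A host-side check for the "close or filter port 111" mitigation, added here as an example and not part of the original report: it parses `ss -H -lntu` output and lists every port 111 listener bound to something other than loopback. The sample output and all function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `ss -H -lntu` output (not captured from a real host).
SAMPLE_SS = """\
udp   UNCONN 0 0      0.0.0.0:111      0.0.0.0:*
udp   UNCONN 0 0      127.0.0.1:323    0.0.0.0:*
tcp   LISTEN 0 4096   0.0.0.0:111      0.0.0.0:*
tcp   LISTEN 0 128    0.0.0.0:22       0.0.0.0:*
tcp   LISTEN 0 4096   [::]:111         [::]:*
tcp   LISTEN 0 4096   127.0.0.1:111    0.0.0.0:*
udp   UNCONN 0 0      *:111            *:*
"""

RPCBIND_PORT = 111


def local_host_port(field):
    """Split an ss Local Address:Port field into (host, port)."""
    host, _, port = field.rpartition(":")
    # Drop a %interface scope first, then IPv6 brackets.
    return host.split("%")[0].strip("[]"), port


def is_loopback(host):
    """True only for addresses that never leave the machine."""
    if host in ("*", ""):
        return False  # wildcard bind covers every interface
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # unparseable: report it so a human reviews it


def exposed_rpcbind(ss_output, port=RPCBIND_PORT):
    """Return (netid, local) for each non-loopback listener on the port."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] not in ("tcp", "udp"):
            continue
        host, found_port = local_host_port(cols[4])
        if found_port == str(port) and not is_loopback(host):
            findings.append((cols[0], cols[4]))
    return findings


if __name__ == "__main__":
    for netid, local in exposed_rpcbind(SAMPLE_SS):
        print(f"rpcbind reachable beyond loopback: {netid} {local}")
```

An empty result only shows that nothing is bound to port 111 beyond loopback on the host itself; whether a firewall filters the port has to be confirmed separately from outside the network boundary.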