Important Information

There has been a serious integer overflow vulnerability found in the UltraVNC viewer with versions 1.0.5.3 and earlier. There is more information about this vulnerability at Core Security.

Notice that this is for the viewer only. The server is not affected by this bug.

Solution

The easiest way to upgrade the viewer is to upgrade to the latest release of VENM Console. This version uses the patched viewer and is safe.

Alternatively, you can manually update your vncviewer.exe by performing the following steps:

1. Download the zipped viewer here
2. Unzip the vncviewer.exe into the following places:

• “C:\Program Files\Bozteck\VNCScan Console .Net”
• “C:\fastpush\vnc7\ultra”

Thank You,

Steve Bostedor
Bozteck VENM Support

http://www.vncscan.com

Twitter This

UserName: Password:

Introduction

Bozteck VENM Console makes it very easy to deploy many versions of the VNC (Virtual Network Computing) remote control software to desktops and servers on your network.

With VENM, you simply create a template of settings called a Deployment Profile, select some computers, and choose to deploy VNC to them from the toolbar. Using the settings in your Deployment Profile, VNC is copied onto the remote computers, the services are installed and started, and you are ready to remote control the desktops!

Security and Authentication

Because this tool is copying files to secured ares of the hard disk over the network, you do need to know the credentials of a valid Administrator level user for the remote computer(s). If the computers are joined to a domain, you can typically use the domain administrator account.

If the computer is not a member of an Active Directory domain, you simply use the local administrator username and password. You will see in the instructions below how to specify this using the %HOST% variable.

You can enter and save these login credentials in the group properties if you’d like. You can do this by right-clicking a group and choosing to view it’s properties. You can save them in the section called “Remote Login Settings”. You can also simply enter them in every time that you choose to deploy a computer.

Firewalls

Files are being transferred over the network and commands to start and stop services are traveling about. This requires that any firewalls be adjusted to allow for this.

The deployment process requires that TCP port 445 is open on each computer. In addition, it would be a good idea to allow TCP and UDP ports 138 and 139. These are the standard Windows filesharing ports.

The deployment script will open any additional ports required by VNC for you.

Step-By-Step

Select The Deployment Editor

Choose to create a new profile

Fill in the desired settings
Note: only version and password are required
Choose to Deploy VNC from the ToolBar

Twitter This

UserName: Password:

UltraVNC has released another release candidate of their popular UltraVNC Server. You can download it here.

I’ve put together an MSI file that you can use to silently install the 1.0.4 RC 14 release. You can download it here. To use it, run the command:

UltraVNC104RC14.msi /qn

Note: You can read information about this release in their forums.

Twitter This

UserName: Password:

Download: http://www.bozteck.com/vncscan.2007.11.21.exe

This was supposed to be just a bug fix release but I decided to slip in a couple of features to make it worth the download. I know that the new features weren’t blockbuster features but there are more coming that should make up for it.

The main visible new addition is the support for TightVNC view-only password in the deployment wizard. This has been requested a number of times so I hope that it is something that makes VENM more valuable to you.

I know that a lot of people are eagerly awaiting Vista support in the VNC deployment wizard. We’ve been waiting on the guys at UltraVNC to finish the 1.0.4 release that will be fully Vista compatible but until then, there has been a lot of behind the scenes coding inside the VENM software in preparation.

One small hint of that development can be seen in a new file that is created in your My Documents\VNCScan\profiles\ folder called ultravnc.ini. The new version of UltraVNC server will use this file for it’s settings instead of the registry. Theoretically, you could download the setup from http://www.uvnc.com, install it, and copy the binary files into c:\fastpush\vnc7\ultra and deploy it to Vista. This has’t been fully tested, yet, but that’s the idea.

Thank you for taking an interest in VNCScan Enterprise Network Manager.

Sincerely,

Steve Bostedor

Twitter This

UserName: Password: